resources.trendmicro.com Open in urlscan Pro
199.15.212.64 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://visit.trendmicro.com/x0C0040p3IC8WQX0ZXCfSDn
Effective URL:
https://resources.trendmicro.com/datacenter-attack.html
Submission: On January 22 via manual (January 22nd 2019, 8:05:09 pm UTC) from US

Summary HTTP 178 Redirects Links 11 Behaviour Indicators

Summary

This website contacted 69 IPs in 7 countries across 57 domains to perform 178 HTTP transactions. The main IP is 199.15.212.64, located in San Mateo, United States and belongs to MARKETO - MARKETO, Inc., US. The main domain is resources.trendmicro.com.
TLS certificate: Issued by AffirmTrust Certificate Authority - OV1 on August 28th 2017. Valid for: 2 years.

This is the only time resources.trendmicro.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	199.15.213.48 199.15.213.48	53580 (MARKETO) (MARKETO - MARKETO)
1 15	92.123.8.62 92.123.8.62	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
1	2a00:1450:400... 2a00:1450:4001:820::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
2	2606:4700:20:... 2606:4700:20::6818:4909	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
33	104.111.215.136 104.111.215.136	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
3 4	2a00:1450:400... 2a00:1450:4001:824::2004	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:821::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
4	159.122.87.148 159.122.87.148	36351 (SOFTLAYER) (SOFTLAYER - SoftLayer Technologies Inc.)
3	2a00:1450:400... 2a00:1450:4001:825::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
8	159.122.87.153 159.122.87.153	36351 (SOFTLAYER) (SOFTLAYER - SoftLayer Technologies Inc.)
2	2a00:1450:400... 2a00:1450:4001:808::2008	15169 (GOOGLE) (GOOGLE - Google LLC)
1	23.60.198.210 23.60.198.210	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
2 4	172.217.16.166 172.217.16.166	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:816::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
3	104.111.214.229 104.111.214.229	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
2	178.249.101.23 178.249.101.23	11054 (LIVEPERSON) (LIVEPERSON - LivePerson)
4	184.31.90.101 184.31.90.101	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	216.58.207.66 216.58.207.66	15169 (GOOGLE) (GOOGLE - Google LLC)
5	184.31.84.223 184.31.84.223	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2.18.233.40 2.18.233.40	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
1	18.195.154.247 18.195.154.247	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	23.54.113.142 23.54.113.142	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 1	2a00:1450:400... 2a00:1450:4001:81a::2002	() ()
3	2a00:1450:400... 2a00:1450:4001:820::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a02:26f0:f1:... 2a02:26f0:f1:28a::3adf	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2 8	2a00:1450:401... 2a00:1450:4016:807::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
5	199.15.212.64 199.15.212.64	53580 (MARKETO) (MARKETO - MARKETO)
1	2600:9000:200... 2600:9000:200d:9a00:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
6 7	176.34.190.23 176.34.190.23	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	2a00:1450:400... 2a00:1450:4001:814::2008	15169 (GOOGLE) (GOOGLE - Google LLC)
4	2.18.232.15 2.18.232.15	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
2	192.28.144.124 192.28.144.124	53580 (MARKETO) (MARKETO - MARKETO)
3	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK - Facebook)
3	54.86.176.243 54.86.176.243	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
3 9	199.255.32.6 199.255.32.6	36351 (SOFTLAYER) (SOFTLAYER - SoftLayer Technologies Inc.)
1	2a03:6400:10:... 2a03:6400:10:0:178:249:97:98	11054 (LIVEPERSON) (LIVEPERSON - LivePerson)
1	2a03:6400:10:... 2a03:6400:10:0:178:249:97:99	11054 (LIVEPERSON) (LIVEPERSON - LivePerson)
2	208.89.12.87 208.89.12.87	11054 (LIVEPERSON) (LIVEPERSON - LivePerson)
2 2	2a00:1450:400... 2a00:1450:400c:c08::9c	() ()
1	34.250.87.119 34.250.87.119	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	13.32.223.222 13.32.223.222	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	104.244.46.48 104.244.46.48	13414 (TWITTER) (TWITTER - Twitter Inc.)
2	199.255.34.44 199.255.34.44	36351 (SOFTLAYER) (SOFTLAYER - SoftLayer Technologies Inc.)
1	18.195.195.24 18.195.195.24	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
3	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK - Facebook)
1	199.16.156.11 199.16.156.11	13414 (TWITTER) (TWITTER - Twitter Inc.)
1 2	52.59.59.238 52.59.59.238	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 2	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
1	213.19.162.80 213.19.162.80	26667 (RUBICONPR...) (RUBICONPROJECT - The Rubicon Project)
2	151.101.2.2 151.101.2.2	54113 (FASTLY) (FASTLY - Fastly)
8 9	54.75.253.95 54.75.253.95	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	185.64.189.110 185.64.189.110	62713 (AS-PUBMATIC) (AS-PUBMATIC - PubMatic)
1 2	3.122.73.35 3.122.73.35	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	2a00:1288:110... 2a00:1288:110:833::4000	34010 (YAHOO-IRD) (YAHOO-IRD)
1 2	18.153.11.22 18.153.11.22	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 2	185.33.223.221 185.33.223.221	29990 (ASN-APPNEXUS) (ASN-APPNEXUS - AppNexus)
1	54.209.224.234 54.209.224.234	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1 2	173.241.240.143 173.241.240.143	36089 (OPENX-AS1) (OPENX-AS1 - OPENX TECHNOLOGIES)
1 1	216.58.205.226 216.58.205.226	() ()
2 3	2620:109:c007... 2620:109:c007:102::5be1:f885	197612 (LINKEDIN-1) (LINKEDIN-1)
1 1	2620:109:c002... 2620:109:c002::6cae:a0a	() ()
1	23.53.172.5 23.53.172.5	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
1	199.16.156.9 199.16.156.9	13414 (TWITTER) (TWITTER - Twitter Inc.)
2	2a03:2880:f01... 2a03:2880:f01c:800e:face:b00c:0:2	32934 (FACEBOOK) (FACEBOOK - Facebook)
1	2606:4700::68... 2606:4700::6813:c797	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	209.197.3.15 209.197.3.15	20446 (HIGHWINDS3) (HIGHWINDS3 - Highwinds Network Group)
1	2600:3c00::f0... 2600:3c00::f03c:91ff:fe60:d792	63949 (LINODE-AP...) (LINODE-AP Linode)
6	52.216.166.45 52.216.166.45	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	13.32.223.99 13.32.223.99	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	13.32.223.153 13.32.223.153	() ()
1	80.252.91.52 80.252.91.52	() ()
2	35.156.95.17 35.156.95.17	() ()
178	69

1 199.15.213.48 (San Mateo, United States)

ASN53580 (MARKETO - MARKETO, Inc., US)

visit.trendmicro.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 92.123.8.62 (France) 1 redirects

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a92-123-8-62.deploy.static.akamaitechnologies.com

www.trendmicro.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:820::200a (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::6818:4909 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

customer.cludo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

33 104.111.215.136 (Amsterdam, Netherlands)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a104-111-215-136.deploy.static.akamaitechnologies.com

tags.tiqcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:824::2004 (Ireland) 3 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:821::200e (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 159.122.87.148 (Frankfurt, Germany)

ASN36351 (SOFTLAYER - SoftLayer Technologies Inc., US)
PTR: 94.57.7a9f.ip4.static.sl-reverse.com

dev.visualwebsiteoptimizer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:825::2003 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 159.122.87.153 (Frankfurt, Germany)

ASN36351 (SOFTLAYER - SoftLayer Technologies Inc., US)
PTR: 99.57.7a9f.ip4.static.sl-reverse.com

dev.visualwebsiteoptimizer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::2008 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.60.198.210 (Amsterdam, Netherlands)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a23-60-198-210.deploy.static.akamaitechnologies.com

c.go-mpulse.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.217.16.166 (Mountain View, United States) 2 redirects

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s11-in-f166.1e100.net

5427711.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:816::200e (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

s.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.111.214.229 (Amsterdam, Netherlands)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a104-111-214-229.deploy.static.akamaitechnologies.com

c.go-mpulse.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
364bf52d.akstat.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.249.101.23 (Netherlands)

ASN11054 (LIVEPERSON - LivePerson, Inc., US)

lptag.liveperson.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 184.31.90.101 (Amsterdam, Netherlands)

ASN20940 (AKAMAI-ASN1, US)
PTR: a184-31-90-101.deploy.static.akamaitechnologies.com

libs.coremetrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.58.207.66 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s25-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 184.31.84.223 (Amsterdam, Netherlands)

ASN20940 (AKAMAI-ASN1, US)
PTR: a184-31-84-223.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.18.233.40 (European Union)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a2-18-233-40.deploy.static.akamaitechnologies.com

s.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.195.154.247 (Cambridge, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-18-195-154-247.eu-central-1.compute.amazonaws.com

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.54.113.142 (Cambridge, United States)

ASN20940 (AKAMAI-ASN1, US)
PTR: a23-54-113-142.deploy.static.akamaitechnologies.com

corelib.trendmicro.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81a::2002 (Ireland) 1 redirects

ASN- ()

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:820::2003 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:f1:28a::3adf (European Union)

ASN20940 (AKAMAI-ASN1, US)

sjs.bizographics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4016:807::200e (Ireland) 2 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 199.15.212.64 (San Mateo, United States)

ASN53580 (MARKETO - MARKETO, Inc., US)

resources.trendmicro.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:200d:9a00:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 176.34.190.23 (Dublin, Ireland) 6 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-176-34-190-23.eu-west-1.compute.amazonaws.com

d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:814::2008 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

ssl.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2.18.232.15 (European Union)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a2-18-232-15.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api-public.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.28.144.124 (San Mateo, United States)

ASN53580 (MARKETO - MARKETO, Inc., US)

945-cxd-062.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.86.176.243 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-54-86-176-243.compute-1.amazonaws.com

web-analytics.engagio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 199.255.32.6 (Durham, United States) 3 redirects

ASN36351 (SOFTLAYER - SoftLayer Technologies Inc., US)
PTR: 199.255.32.6.reverse.coremetrics.com

analytics.trendmicro.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:6400:10:0:178:249:97:98 (United Kingdom)

ASN11054 (LIVEPERSON - LivePerson, Inc., US)

lpcdn.lpsnmedia.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:6400:10:0:178:249:97:99 (United Kingdom)

ASN11054 (LIVEPERSON - LivePerson, Inc., US)

accdn.lpsnmedia.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 208.89.12.87 (New York, United States)

ASN11054 (LIVEPERSON - LivePerson, Inc., US)
PTR: va.v.liveperson.net

va.v.liveperson.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c08::9c (Ireland) 2 redirects

ASN- ()

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.250.87.119 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-34-250-87-119.eu-west-1.compute.amazonaws.com

resources.xg4ken.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.223.222 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-32-223-222.fra56.r.cloudfront.net

vidassets.terminus.services	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.46.48 (San Francisco, United States)

ASN13414 (TWITTER - Twitter Inc., US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 199.255.34.44 (Durham, United States)

ASN36351 (SOFTLAYER - SoftLayer Technologies Inc., US)

data.cmcore.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.195.195.24 (Cambridge, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-18-195-195-24.eu-central-1.compute.amazonaws.com

pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f11c:8183:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.16.156.11 (San Francisco, United States)

ASN13414 (TWITTER - Twitter Inc., US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.59.59.238 (Frankfurt, Germany) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-59-59-238.eu-central-1.compute.amazonaws.com

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.18.234.21 (European Union) 1 redirects

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.19.162.80 (United Kingdom)

ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.2.2 (San Francisco, United States)

ASN54113 (FASTLY - Fastly, US)

sync.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 54.75.253.95 (Dublin, Ireland) 8 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-75-253-95.eu-west-1.compute.amazonaws.com

d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.110 (United Kingdom)

ASN62713 (AS-PUBMATIC - PubMatic, Inc., US)

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.122.73.35 (Fairfield, United States) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-3-122-73-35.eu-central-1.compute.amazonaws.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:110:833::4000 (United Kingdom)

ASN34010 (YAHOO-IRD, GB)

ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.153.11.22 (Cambridge, United States) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-18-153-11-22.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.33.223.221 (European Union) 1 redirects

ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US)

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.209.224.234 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-54-209-224-234.compute-1.amazonaws.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 173.241.240.143 (New York, United States) 1 redirects

ASN36089 (OPENX-AS1 - OPENX TECHNOLOGIES, INC., US)
PTR: ox-173-241-240-143.xa.dc.openx.org

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.205.226 (Mountain View, United States) 1 redirects

ASN- ()
PTR: fra15s24-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:109:c007:102::5be1:f885 (United States) 2 redirects

ASN197612 (LINKEDIN-1, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:109:c002::6cae:a0a (United States) 1 redirects

ASN- ()

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.53.172.5 (Cambridge, United States)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a23-53-172-5.deploy.static.akamaitechnologies.com

m.addthisedge.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.16.156.9 (San Francisco, United States)

ASN13414 (TWITTER - Twitter Inc., US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:800e:face:b00c:0:2 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

graph.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6813:c797 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 209.197.3.15 (Phoenix, United States)

ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)
PTR: vip0x00f.map2.ssl.hwcdn.net

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:3c00::f03c:91ff:fe60:d792 (United States)

ASN63949 (LINODE-AP Linode, LLC, US)

placehold.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 52.216.166.45 (Ashburn, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.223.99 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-32-223-99.fra56.r.cloudfront.net

scripts.demandbase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.223.153 (Seattle, United States)

ASN- ()
PTR: server-13-32-223-153.fra56.r.cloudfront.net

api.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 80.252.91.52 (Leerdam, Netherlands)

ASN- ()

bs.serving-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.156.95.17 (Frankfurt, Germany)

ASN- ()
PTR: ec2-35-156-95-17.eu-central-1.compute.amazonaws.com

datacloud.tealiumiq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
33	tiqcdn.com tags.tiqcdn.com	99 KB
32	trendmicro.com 4 redirects visit.trendmicro.com www.trendmicro.com corelib.trendmicro.com resources.trendmicro.com analytics.trendmicro.com	909 KB
18	adroll.com 14 redirects s.adroll.com d.adroll.com	21 KB
12	visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com	249 KB
10	google-analytics.com 2 redirects www.google-analytics.com ssl.google-analytics.com	56 KB
8	doubleclick.net 6 redirects 5427711.fls.doubleclick.net googleads.g.doubleclick.net stats.g.doubleclick.net cm.g.doubleclick.net	3 KB
6	amazonaws.com s3.amazonaws.com	33 KB
5	facebook.com www.facebook.com graph.facebook.com	1 KB
5	marketo.net munchkin.marketo.net	12 KB
4	linkedin.com 3 redirects px.ads.linkedin.com www.linkedin.com	3 KB
4	addthis.com s7.addthis.com api-public.addthis.com	186 KB
4	coremetrics.com libs.coremetrics.com	87 KB
4	liveperson.net lptag.liveperson.net va.v.liveperson.net	61 KB
4	google.com 3 redirects www.google.com	2 KB
3	engagio.com web-analytics.engagio.com	10 KB
3	facebook.net connect.facebook.net	101 KB
3	google.de www.google.de	327 B
3	gstatic.com fonts.gstatic.com	26 KB
2	tealiumiq.com datacloud.tealiumiq.com	2 KB
2	akstat.io 364bf52d.akstat.io	718 B
2	openx.net 1 redirects us-u.openx.net	599 B
2	adnxs.com 1 redirects ib.adnxs.com	2 KB
2	bidswitch.net 1 redirects x.bidswitch.net	1 KB
2	3lift.com 1 redirects eb2.3lift.com	692 B
2	casalemedia.com 1 redirects dsum-sec.casalemedia.com	2 KB
2	advertising.com 1 redirects pixel.advertising.com	648 B
2	cmcore.com data.cmcore.com	649 B
2	lpsnmedia.net lpcdn.lpsnmedia.net accdn.lpsnmedia.net	666 B
2	mktoresp.com 945-cxd-062.mktoresp.com	544 B
2	quantserve.com secure.quantserve.com pixel.quantserve.com	6 KB
2	googleadservices.com www.googleadservices.com	10 KB
2	go-mpulse.net c.go-mpulse.net	56 KB
2	googletagmanager.com www.googletagmanager.com	64 KB
2	cludo.com customer.cludo.com	30 KB
1	serving-sys.com bs.serving-sys.com
1	company-target.com api.company-target.com	498 B
1	demandbase.com scripts.demandbase.com	15 KB
1	placehold.it placehold.it	1 KB
1	bootstrapcdn.com maxcdn.bootstrapcdn.com	6 KB
1	cloudflare.com cdnjs.cloudflare.com	82 KB
1	twitter.com analytics.twitter.com	266 B
1	addthisedge.com m.addthisedge.com	1 KB
1	rlcdn.com idsync.rlcdn.com	34 B
1	yahoo.com ads.yahoo.com	341 B
1	taboola.com trc.taboola.com	320 B
1	pubmatic.com simage2.pubmatic.com	817 B
1	outbrain.com sync.outbrain.com	283 B
1	rubiconproject.com pixel.rubiconproject.com	371 B
1	t.co t.co	166 B
1	ads-twitter.com static.ads-twitter.com	2 KB
1	terminus.services vidassets.terminus.services
1	xg4ken.com resources.xg4ken.com	4 KB
1	quantcount.com rules.quantcount.com	339 B
1	bizographics.com sjs.bizographics.com	5 KB
1	ytimg.com s.ytimg.com	8 KB
1	youtube.com www.youtube.com	923 B
1	googleapis.com fonts.googleapis.com	914 B
178	57

	Domain	Requested by
33	tags.tiqcdn.com	www.trendmicro.com tags.tiqcdn.com resources.trendmicro.com
16	d.adroll.com	14 redirects s.adroll.com www.trendmicro.com
15	www.trendmicro.com	1 redirects visit.trendmicro.com www.trendmicro.com
12	dev.visualwebsiteoptimizer.com	tags.tiqcdn.com dev.visualwebsiteoptimizer.com www.trendmicro.com resources.trendmicro.com
9	analytics.trendmicro.com	3 redirects libs.coremetrics.com www.trendmicro.com resources.trendmicro.com
8	www.google-analytics.com	2 redirects tags.tiqcdn.com www.google-analytics.com
6	s3.amazonaws.com	resources.trendmicro.com
5	resources.trendmicro.com	tags.tiqcdn.com www.trendmicro.com resources.trendmicro.com
5	munchkin.marketo.net	tags.tiqcdn.com munchkin.marketo.net resources.trendmicro.com
4	libs.coremetrics.com	tags.tiqcdn.com libs.coremetrics.com
4	5427711.fls.doubleclick.net	2 redirects www.googletagmanager.com
4	www.google.com	3 redirects www.trendmicro.com
3	px.ads.linkedin.com	2 redirects
3	www.facebook.com	www.trendmicro.com
3	web-analytics.engagio.com	tags.tiqcdn.com web-analytics.engagio.com
3	connect.facebook.net	tags.tiqcdn.com connect.facebook.net
3	www.google.de	www.trendmicro.com resources.trendmicro.com
3	fonts.gstatic.com	www.trendmicro.com
2	datacloud.tealiumiq.com	tags.tiqcdn.com resources.trendmicro.com
2	364bf52d.akstat.io	c.go-mpulse.net
2	api-public.addthis.com	s7.addthis.com
2	graph.facebook.com	s7.addthis.com
2	us-u.openx.net	1 redirects www.trendmicro.com
2	ib.adnxs.com	1 redirects www.trendmicro.com
2	x.bidswitch.net	1 redirects www.trendmicro.com
2	eb2.3lift.com	1 redirects www.trendmicro.com
2	dsum-sec.casalemedia.com	1 redirects www.trendmicro.com
2	pixel.advertising.com	1 redirects www.trendmicro.com
2	data.cmcore.com	libs.coremetrics.com
2	stats.g.doubleclick.net	2 redirects
2	va.v.liveperson.net	lptag.liveperson.net
2	945-cxd-062.mktoresp.com	munchkin.marketo.net
2	s7.addthis.com	tags.tiqcdn.com s7.addthis.com
2	ssl.google-analytics.com	tags.tiqcdn.com www.trendmicro.com
2	corelib.trendmicro.com	tags.tiqcdn.com
2	s.adroll.com	tags.tiqcdn.com www.trendmicro.com
2	www.googleadservices.com	tags.tiqcdn.com www.googleadservices.com
2	lptag.liveperson.net	tags.tiqcdn.com
2	c.go-mpulse.net	tags.tiqcdn.com c.go-mpulse.net
2	www.googletagmanager.com	tags.tiqcdn.com
2	customer.cludo.com	www.trendmicro.com
1	bs.serving-sys.com	tags.tiqcdn.com
1	api.company-target.com	scripts.demandbase.com
1	scripts.demandbase.com	resources.trendmicro.com
1	placehold.it	resources.trendmicro.com
1	maxcdn.bootstrapcdn.com	resources.trendmicro.com
1	cdnjs.cloudflare.com	resources.trendmicro.com
1	analytics.twitter.com	static.ads-twitter.com
1	m.addthisedge.com	s7.addthis.com
1	www.linkedin.com	1 redirects
1	cm.g.doubleclick.net	1 redirects
1	idsync.rlcdn.com	www.trendmicro.com
1	ads.yahoo.com	www.trendmicro.com
1	trc.taboola.com	www.trendmicro.com
1	simage2.pubmatic.com	www.trendmicro.com
1	sync.outbrain.com	www.trendmicro.com
1	pixel.rubiconproject.com	www.trendmicro.com
1	t.co	www.trendmicro.com
1	pixel.quantserve.com	www.trendmicro.com
1	static.ads-twitter.com	tags.tiqcdn.com
1	vidassets.terminus.services	tags.tiqcdn.com
1	resources.xg4ken.com	tags.tiqcdn.com
1	accdn.lpsnmedia.net	lptag.liveperson.net
1	lpcdn.lpsnmedia.net	lptag.liveperson.net
1	rules.quantcount.com	secure.quantserve.com
1	sjs.bizographics.com	tags.tiqcdn.com
1	googleads.g.doubleclick.net	1 redirects
1	secure.quantserve.com	tags.tiqcdn.com
1	s.ytimg.com	www.youtube.com
1	www.youtube.com	www.trendmicro.com
1	fonts.googleapis.com	www.trendmicro.com
1	visit.trendmicro.com
178	72

This site contains links to these domains. Also see Links.

Domain
datacenterattacks.trendmicro.com
www.trendmicro.com
ransomware-assessment.trendmicro.com
twitter.com
www.linkedin.com
www.facebook.com
www.youtube.com
blog.trendmicro.com
newsroom.trendmicro.com
www.blackrabbitint.com

Subject Issuer	Validity	Valid
www.trendmicro.com AffirmTrust Extended Validation CA - EV1	`2018-09-11` - `2020-09-11`	2 years	crt.sh
*.googleapis.com Google Internet Authority G3	`2018-12-19` - `2019-03-13`	3 months	crt.sh
*.cludo.com RapidSSL TLS RSA CA G1	`2018-03-06` - `2019-05-12`	a year	crt.sh
*.tiqcdn.com DigiCert SHA2 Secure Server CA	`2018-12-30` - `2020-03-30`	a year	crt.sh
www.google.com Google Internet Authority G3	`2018-12-19` - `2019-03-13`	3 months	crt.sh
*.google.com Google Internet Authority G3	`2018-12-19` - `2019-03-13`	3 months	crt.sh
*.visualwebsiteoptimizer.com Starfield Secure Certificate Authority - G2	`2017-06-30` - `2020-07-06`	3 years	crt.sh
*.google-analytics.com Google Internet Authority G3	`2018-12-19` - `2019-03-13`	3 months	crt.sh
akstat.io DigiCert ECC Secure Server CA	`2018-03-12` - `2019-05-11`	a year	crt.sh
*.doubleclick.net Google Internet Authority G3	`2018-12-19` - `2019-03-13`	3 months	crt.sh
*.liveperson.net COMODO RSA Organization Validation Secure Server CA	`2017-12-17` - `2020-12-16`	3 years	crt.sh
*.coremetrics.com DigiCert SHA2 Secure Server CA	`2018-03-07` - `2019-03-07`	a year	crt.sh
www.googleadservices.com Google Internet Authority G3	`2018-12-19` - `2019-03-13`	3 months	crt.sh
*.marketo.net DigiCert SHA2 Secure Server CA	`2018-12-24` - `2020-03-24`	a year	crt.sh
*.adroll.com DigiCert SHA2 Secure Server CA	`2018-02-14` - `2019-02-14`	a year	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2018-10-16` - `2019-10-21`	a year	crt.sh
www.google.de Google Internet Authority G3	`2018-12-19` - `2019-03-13`	3 months	crt.sh
js.bizographics.com DigiCert SHA2 Secure Server CA	`2018-04-13` - `2020-04-17`	2 years	crt.sh
resources.trendmicro.com AffirmTrust Certificate Authority - OV1	`2017-08-28` - `2019-08-29`	2 years	crt.sh
odc-prod-01.oracle.com DigiCert ECC Secure Server CA	`2018-05-06` - `2019-08-05`	a year	crt.sh
*.mktoresp.com GeoTrust RSA CA 2018	`2018-02-05` - `2020-02-05`	2 years	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2017-12-15` - `2019-03-22`	a year	crt.sh
*.engagio.com COMODO RSA Organization Validation Secure Server CA	`2017-05-23` - `2020-07-24`	3 years	crt.sh
analytics.trendmicro.com AffirmTrust Certificate Authority - OV1	`2017-05-05` - `2019-05-06`	2 years	crt.sh
*.lpsnmedia.net COMODO RSA Organization Validation Secure Server CA	`2018-02-26` - `2021-02-25`	3 years	crt.sh
*.v.liveperson.net COMODO RSA Organization Validation Secure Server CA	`2018-05-08` - `2020-05-07`	2 years	crt.sh
*.xg4ken.com Go Daddy Secure Certificate Authority - G2	`2017-12-17` - `2020-12-17`	3 years	crt.sh
*.terminus.services Amazon	`2018-01-17` - `2019-02-17`	a year	crt.sh
ads-twitter.com DigiCert SHA2 High Assurance Server CA	`2018-06-28` - `2019-07-03`	a year	crt.sh
data.cmcore.com DigiCert SHA2 High Assurance Server CA	`2018-05-14` - `2019-07-10`	a year	crt.sh
t.co DigiCert SHA2 High Assurance Server CA	`2018-10-31` - `2019-11-05`	a year	crt.sh
pixel.advertising.com DigiCert SHA2 High Assurance Server CA	`2017-06-14` - `2020-06-18`	3 years	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2019-01-09` - `2020-03-09`	a year	crt.sh
*.rubiconproject.com DigiCert SHA2 Secure Server CA	`2016-01-12` - `2019-03-01`	3 years	crt.sh
f2.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2018-12-03` - `2019-09-07`	9 months	crt.sh
*.pubmatic.com COMODO RSA Organization Validation Secure Server CA	`2016-04-12` - `2019-05-27`	3 years	crt.sh
*.3lift.com Amazon	`2018-07-31` - `2019-08-31`	a year	crt.sh
*.ads.yahoo.com DigiCert SHA2 High Assurance Server CA	`2019-01-03` - `2019-07-02`	6 months	crt.sh
*.bidswitch.net COMODO RSA Domain Validation Secure Server CA	`2018-03-22` - `2019-05-05`	a year	crt.sh
*.adnxs.com DigiCert ECC Secure Server CA	`2018-01-25` - `2019-01-25`	a year	crt.sh
*.rlcdn.com Go Daddy Secure Certificate Authority - G2	`2017-05-08` - `2019-06-21`	2 years	crt.sh
*.openx.net DigiCert ECC Secure Server CA	`2018-04-03` - `2019-04-08`	a year	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2017-06-06` - `2019-06-11`	2 years	crt.sh
*.twitter.com DigiCert SHA2 High Assurance Server CA	`2018-10-31` - `2020-02-12`	a year	crt.sh
ssl412106.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2018-09-22` - `2019-03-31`	6 months	crt.sh
*.bootstrapcdn.com COMODO RSA Domain Validation Secure Server CA	`2018-10-03` - `2019-10-12`	a year	crt.sh
s3.amazonaws.com DigiCert Baltimore CA-2 G2	`2018-12-03` - `2019-10-25`	a year	crt.sh
*.demandbase.com Go Daddy Secure Certificate Authority - G2	`2018-09-20` - `2020-11-19`	2 years	crt.sh
*.company-target.com Go Daddy Secure Certificate Authority - G2	`2017-08-18` - `2019-08-18`	2 years	crt.sh
bs.serving-sys.com Go Daddy Secure Certificate Authority - G2	`2018-03-08` - `2020-03-08`	2 years	crt.sh
*.tealiumiq.com Amazon	`2018-12-19` - `2020-01-19`	a year	crt.sh

This page contains 6 frames:

Primary Page: https://resources.trendmicro.com/datacenter-attack.html
Frame ID: 66AD0AC9D5D91008E0DC6BBFE8EAB19F
Requests: 173 HTTP requests in this frame

Frame: https://c.go-mpulse.net/boomerang/TU3LW-WPX5W-YK52N-GNWRK-Z5B9X
Frame ID: A2405F8F3D1685D1E320340D23CA4598
Requests: 2 HTTP requests in this frame

Frame: https://5427711.fls.doubleclick.net/activityi;dc_pre=CLbe3-2XguACFQkO4AodrMgNcw;src=5427711;type=remar0;cat=allsi0;ord=1;num=2414335706615;gtm=2wg170;auiddc=573348409.1548187496;u1=%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack.html;~oref=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack.html%3Fcm_mmc%3DXGen-_-Corp-_-Email-_-NT%26mkt_tok%3DeyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
Frame ID: 50F6DACEF6CC44946403805CD9CD15F4
Requests: 1 HTTP requests in this frame

Frame: https://lpcdn.lpsnmedia.net/le_secure_storage/3.7.0.0-release_439/storage.secure.min.html?loc=https%3A%2F%2Fwww.trendmicro.com&site=8997926&env=prod
Frame ID: F52160077BD389D27EC31A2EC9B31A89
Requests: 1 HTTP requests in this frame

Frame: https://bs.serving-sys.com/Serving/ActivityServer.bs?cn=as&ActivityID=428109&rnd=330817
Frame ID: 402A4B49985C8C7C1F0273CCE095870E
Requests: 1 HTTP requests in this frame

Frame: https://5427711.fls.doubleclick.net/activityi;dc_pre=CMSfgfGXguACFQEq4AodasYM2w;src=5427711;type=remar0;cat=allsi0;ord=1;num=9096336249506;gtm=2wg170;auiddc=2081214076.1548187502;u1=%2Fdatacenter-attack.html;~oref=https%3A%2F%2Fresources.trendmicro.com%2Fdatacenter-attack.html
Frame ID: D33C9DAA0464C84C48859E7D34F200B9
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://visit.trendmicro.com/x0C0040p3IC8WQX0ZXCfSDn Page URL
http://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.htm... HTTP 301
https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.htm... Page URL
https://resources.trendmicro.com/datacenter-attack.html Page URL

Detected technologies

YouTube (Video Players) Expand

Overall confidence: 100%
Detected patterns

html /<(?:param|embed|iframe)[^>]+youtube(?:-nocookie)?\.com\/(?:v|embed)/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+font-awesome(?:\.min)?\.css/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
env /^gaGlobal$/i

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

env /^google_tag_manager$/i

Marketo (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

script /munchkin\.marketo\.net\/munchkin\.js/i
env /^Munchkin$/i

Tealium (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /^\/\/tags\.tiqcdn\.com\//i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
script /jquery.*\.js/i
env /^jQuery$/i

Page Statistics

178
Requests

99 %
HTTPS

33 %
IPv6

57
Domains

72
Subdomains

69
IPs

7
Countries

2143 kB
Transfer

5383 kB
Size

0
Cookies

11 Outgoing links

These are links going to different origins than the main page.

URL: http://datacenterattacks.trendmicro.com/

Search URL Search Domain Scan URL

URL: https://www.trendmicro.com/en_us/business/products/hybrid-cloud.html
Title: Hybrid Cloud Security Solutions

Search URL Search Domain Scan URL

URL: https://www.trendmicro.com/en_us/business/campaigns/ransomware.html
Title: Ransomware Protection

Search URL Search Domain Scan URL

URL: http://ransomware-assessment.trendmicro.com/(S(zlpu0y5n1jehhnvfgll5tm53))/Content/Default/GetStarted.aspx
Title: Ransomware Readiness Assessment

Search URL Search Domain Scan URL

URL: https://twitter.com/trendmicro

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/trend-micro

Search URL Search Domain Scan URL

URL: https://www.facebook.com/trendmicro

Search URL Search Domain Scan URL

URL: https://www.youtube.com/trendmicro

Search URL Search Domain Scan URL

URL: http://blog.trendmicro.com/

Search URL Search Domain Scan URL

URL: http://newsroom.trendmicro.com/?s=95

Search URL Search Domain Scan URL

URL: http://www.blackrabbitint.com/
Title: http://www.blackrabbitint.com/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://visit.trendmicro.com/x0C0040p3IC8WQX0ZXCfSDn Page URL
http://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9 HTTP 301
https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9 Page URL
https://resources.trendmicro.com/datacenter-attack.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

http://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9 HTTP 301
https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9

Request Chain 32

https://5427711.fls.doubleclick.net/activityi;src=5427711;type=remar0;cat=allsi0;ord=1;num=2414335706615;gtm=2wg170;auiddc=573348409.1548187496;u1=%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack.html;~oref=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack.html%3Fcm_mmc%3DXGen-_-Corp-_-Email-_-NT%26mkt_tok%3DeyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9 HTTP 302
https://5427711.fls.doubleclick.net/activityi;dc_pre=CLbe3-2XguACFQkO4AodrMgNcw;src=5427711;type=remar0;cat=allsi0;ord=1;num=2414335706615;gtm=2wg170;auiddc=573348409.1548187496;u1=%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack.html;~oref=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack.html%3Fcm_mmc%3DXGen-_-Corp-_-Email-_-NT%26mkt_tok%3DeyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9

Request Chain 64

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1015287688/?random=189346615&cv=9&fst=*&num=1&value=0&label=0w45CIDC7AYQiJ-Q5AM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html%3Fcm_mmc%3DXGen-_-Corp-_-Email-_-NT%26mkt_tok%3DeyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9&ref=http://visit.trendmicro.com/x0C0040p3IC8WQX0ZXCfSDn&tiba=Ransomware%20Attack%3A%20The%20Game%20-%20Hospital%20Held%20Hostage&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=Z3dHXMGTMJXNgAfpna6ACg&sscte=1&crd=CILQGwjJ0xs&gtd= HTTP 302
https://www.google.com/pagead/1p-conversion/1015287688/?random=189346615&cv=9&fst=*&num=1&value=0&label=0w45CIDC7AYQiJ-Q5AM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html%3Fcm_mmc%3DXGen-_-Corp-_-Email-_-NT%26mkt_tok%3DeyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9&ref=http://visit.trendmicro.com/x0C0040p3IC8WQX0ZXCfSDn&tiba=Ransomware%20Attack%3A%20The%20Game%20-%20Hospital%20Held%20Hostage&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=CILQGwjJ0xs&gtd=&cdct=2&is_vtc=1&ocp_id=Z3dHXMGTMJXNgAfpna6ACg&random=3576901155&resp=GooglemKTybQhCsO HTTP 302
https://www.google.de/pagead/1p-conversion/1015287688/?random=189346615&cv=9&fst=*&num=1&value=0&label=0w45CIDC7AYQiJ-Q5AM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html%3Fcm_mmc%3DXGen-_-Corp-_-Email-_-NT%26mkt_tok%3DeyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9&ref=http://visit.trendmicro.com/x0C0040p3IC8WQX0ZXCfSDn&tiba=Ransomware%20Attack%3A%20The%20Game%20-%20Hospital%20Held%20Hostage&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=CILQGwjJ0xs&gtd=&cdct=2&is_vtc=1&ocp_id=Z3dHXMGTMJXNgAfpna6ACg&random=3576901155&resp=GooglemKTybQhCsO&ipr=y

Request Chain 80

https://analytics.trendmicro.com/cm?ci=90369712&st=1548187495753&vn1=4.22.118&ec=utf-8&vn2=e4.0&pi=business%3Acampaigns%3Axgen%20security%3Aresource%20center%3Aransomware%20attack%3Aen_us&rf=http%3A%2F%2Fvisit.trendmicro.com%2Fx0C0040p3IC8WQX0ZXCfSDn&ul=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack.html%3Fcm_mmc%3DXGen-_-Corp-_-Email-_-NT%26mkt_tok%3DeyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9&tid=6&cg=%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack&rnd=1548198598259&pc=Y&jv=1.8.5&je=n&sw=1600&sh=1200&pd=24&tz=0&pv_a15=Ransomware%20Attack%3A%20The%20Game%20-%20Hospital%20Held%20Hostage&pv_a16=solution&pv_a17=business&pv_a18=XGen&pv_a19=Corp&pv_a20=Email&pv_a21=NT&pv_a22=business%3Acampaigns%3Axgen%20security%3Aresource%20center%3Aransomware%20attack%3Aen_us HTTP 302
https://analytics.trendmicro.com/cm?ci=90369712&st=1548187495753&vn1=4.22.118&ec=utf-8&vn2=e4.0&pi=business%3Acampaigns%3Axgen%20security%3Aresource%20center%3Aransomware%20attack%3Aen_us&rf=http%3A%2F%2Fvisit.trendmicro.com%2Fx0C0040p3IC8WQX0ZXCfSDn&ul=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack.html%3Fcm_mmc%3DXGen-_-Corp-_-Email-_-NT%26mkt_tok%3DeyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9&tid=6&cg=%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack&rnd=1548198598259&pc=Y&jv=1.8.5&je=n&sw=1600&sh=1200&pd=24&tz=0&pv_a15=Ransomware%20Attack%3A%20The%20Game%20-%20Hospital%20Held%20Hostage&pv_a16=solution&pv_a17=business&pv_a18=XGen&pv_a19=Corp&pv_a20=Email&pv_a21=NT&pv_a22=business%3Acampaigns%3Axgen%20security%3Aresource%20center%3Aransomware%20attack%3Aen_us&cvdone=p

Request Chain 85

https://www.google-analytics.com/r/collect?v=1&_v=j72&a=1940112259&t=pageview&_s=1&dl=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack.html%3Fcm_mmc%3DXGen-_-Corp-_-Email-_-NT%26mkt_tok%3DeyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9&dr=http%3A%2F%2Fvisit.trendmicro.com%2Fx0C0040p3IC8WQX0ZXCfSDn&ul=en-us&de=UTF-8&dt=Ransomware%20Attack%3A%20The%20Game%20-%20Hospital%20Held%20Hostage&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=aGBACAIrB~&jid=1344164971&gjid=1489967851&cid=1958441142.1548187496&tid=UA-44592531-1&_gid=1187758821.1548187496&_r=1&cd15=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack.html%3Fcm_mmc%3DXGen-_-Corp-_-Email-_-NT%26mkt_tok%3DeyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9&z=702706812 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-44592531-1&cid=1958441142.1548187496&jid=1344164971&_gid=1187758821.1548187496&gjid=1489967851&_v=j72&z=702706812 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-44592531-1&cid=1958441142.1548187496&jid=1344164971&_v=j72&z=702706812 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-44592531-1&cid=1958441142.1548187496&jid=1344164971&_v=j72&z=702706812&slf_rd=1&random=767493293

Request Chain 92

https://d.adroll.com/pixel/BWZHCVGVU5GGVN5IX5I7Y3/3CYSTYITOVHO5JLQ3WNZZE?adroll_fpc=2913f3491f24ea112ab14ece1276273f&pv=13592951676.622334&cookie=&adroll_s_ref=http%3A//visit.trendmicro.com/x0C0040p3IC8WQX0ZXCfSDn&keyw=&adroll_external_data=&arrfrr=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack.html%3Fcm_mmc%3DXGen-_-Corp-_-Email-_-NT%26mkt_tok%3DeyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9 HTTP 302
https://s.adroll.com/pixel/BWZHCVGVU5GGVN5IX5I7Y3/3CYSTYITOVHO5JLQ3WNZZE/UIGGQATVINGULPRORTYNDM.js

Request Chain 101

https://d.adroll.com/cm/aol/out?advertisable=BWZHCVGVU5GGVN5IX5I7Y3 HTTP 302
https://pixel.advertising.com/ups/55980/sync?uid=ZmFiNDM3N2JlNWYyMzM5ZWY4YTAyOGE2ZjdlYTNiODE&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA HTTP 302
https://pixel.advertising.com/ups/55980/sync?uid=ZmFiNDM3N2JlNWYyMzM5ZWY4YTAyOGE2ZjdlYTNiODE&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&verify=true

Request Chain 102

https://d.adroll.com/cm/index/out?advertisable=BWZHCVGVU5GGVN5IX5I7Y3 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=ZmFiNDM3N2JlNWYyMzM5ZWY4YTAyOGE2ZjdlYTNiODE&expiration=1579723496 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=ZmFiNDM3N2JlNWYyMzM5ZWY4YTAyOGE2ZjdlYTNiODE&expiration=1579723496&C=1

Request Chain 103

https://d.adroll.com/cm/n/out?advertisable=BWZHCVGVU5GGVN5IX5I7Y3 HTTP 302
https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=ZmFiNDM3N2JlNWYyMzM5ZWY4YTAyOGE2ZjdlYTNiODE&expires=365

Request Chain 104

https://d.adroll.com/cm/outbrain/out?advertisable=BWZHCVGVU5GGVN5IX5I7Y3 HTTP 302
https://sync.outbrain.com/adroll/pixel?user_id=ZmFiNDM3N2JlNWYyMzM5ZWY4YTAyOGE2ZjdlYTNiODE

Request Chain 105

https://d.adroll.com/cm/pubmatic/out?advertisable=BWZHCVGVU5GGVN5IX5I7Y3 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=ZmFiNDM3N2JlNWYyMzM5ZWY4YTAyOGE2ZjdlYTNiODE&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA

Request Chain 106

https://d.adroll.com/cm/taboola/out?advertisable=BWZHCVGVU5GGVN5IX5I7Y3 HTTP 302
https://trc.taboola.com/sg/adroll-network/1/rtb-h/?taboola_hm=ZmFiNDM3N2JlNWYyMzM5ZWY4YTAyOGE2ZjdlYTNiODE

Request Chain 107

https://d.adroll.com/cm/triplelift/out?advertisable=BWZHCVGVU5GGVN5IX5I7Y3 HTTP 302
https://eb2.3lift.com/xuid?mid=4714&xuid=ZmFiNDM3N2JlNWYyMzM5ZWY4YTAyOGE2ZjdlYTNiODE&dongle=c85e HTTP 302
https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=ZmFiNDM3N2JlNWYyMzM5ZWY4YTAyOGE2ZjdlYTNiODE&dongle=c85e&gdpr=1&cmp_cs=

Request Chain 108

https://d.adroll.com/cm/r/out?advertisable=BWZHCVGVU5GGVN5IX5I7Y3 HTTP 302
https://ads.yahoo.com/pixel?id=2498203&t=2&piggyback=https%3A%2F%2Fads.yahoo.com%2Fcms%2Fv1%3Fesig%3D1~bf4e7dc4546a90c08591652d78a230d3f2ef5733%26nwid%3D10001032567%26sigv%3D1%26gdpr%3D1%26gdpr_consent%3DBOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

Request Chain 109

https://d.adroll.com/cm/b/out?advertisable=BWZHCVGVU5GGVN5IX5I7Y3 HTTP 302
https://x.bidswitch.net/sync?dsp_id=44&user_id=ZmFiNDM3N2JlNWYyMzM5ZWY4YTAyOGE2ZjdlYTNiODE HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=ZmFiNDM3N2JlNWYyMzM5ZWY4YTAyOGE2ZjdlYTNiODE

Request Chain 110

https://d.adroll.com/cm/x/out?advertisable=BWZHCVGVU5GGVN5IX5I7Y3 HTTP 302
https://ib.adnxs.com/pxj?bidder=172&seg=802787&action=setuid(%27ZmFiNDM3N2JlNWYyMzM5ZWY4YTAyOGE2ZjdlYTNiODE%27) HTTP 302
https://ib.adnxs.com/bounce?%2Fpxj%3Fbidder%3D172%26seg%3D802787%26action%3Dsetuid%28%2527ZmFiNDM3N2JlNWYyMzM5ZWY4YTAyOGE2ZjdlYTNiODE%2527%29

Request Chain 111

https://d.adroll.com/cm/l/out?advertisable=BWZHCVGVU5GGVN5IX5I7Y3 HTTP 302
https://idsync.rlcdn.com/377928.gif?partner_uid=fab4377be5f2339ef8a028a6f7ea3b81

Request Chain 112

https://d.adroll.com/cm/o/out?advertisable=BWZHCVGVU5GGVN5IX5I7Y3 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537103138&val=fab4377be5f2339ef8a028a6f7ea3b81 HTTP 302
https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=fab4377be5f2339ef8a028a6f7ea3b81

Request Chain 113

https://d.adroll.com/cm/g/out?advertisable=BWZHCVGVU5GGVN5IX5I7Y3&google_nid=adroll5 HTTP 302
https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=-rQ3e-XyM574oCim9-o7gQ&google_ula=1535926 HTTP 302
https://d.adroll.com/cm/g/in?google_ula=1535926,0

Request Chain 116

https://px.ads.linkedin.com/collect/?time=1548187497517&pid=46043&url=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack.html%3Fcm_mmc%3DXGen-_-Corp-_-Email-_-NT%26mkt_tok%3DeyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9&fmt=js&s=1 HTTP 302
https://px.ads.linkedin.com/collect/?time=1548187497517&pid=46043&url=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack.html%3Fcm_mmc%3DXGen-_-Corp-_-Email-_-NT%26mkt_tok%3DeyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9&fmt=js&s=1&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%2F%3Ftime%3D1548187497517%26pid%3D46043%26url%3Dhttps%253A%252F%252Fwww.trendmicro.com%252Fen_us%252Fbusiness%252Fcampaigns%252Fxgen-security%252Fresource-center%252Fransomware-attack.html%253Fcm_mmc%253DXGen-_-Corp-_-Email-_-NT%2526mkt_tok%253DeyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9%26fmt%3Djs%26s%3D1%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect/?time=1548187497517&pid=46043&url=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack.html%3Fcm_mmc%3DXGen-_-Corp-_-Email-_-NT%26mkt_tok%3DeyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9&fmt=js&s=1&cookiesTest=true&liSync=true

Request Chain 167

https://www.google-analytics.com/r/collect?v=1&_v=j72&a=679999585&t=pageview&_s=1&dl=https%3A%2F%2Fresources.trendmicro.com%2Fdatacenter-attack.html&dr=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack.html%3Fcm_mmc%3DXGen-_-Corp-_-Email-_-NT%26mkt_tok%3DeyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9&ul=en-us&de=UTF-8&dt=Trend%20Micro%20Data%20Center%20Attack%20The%20Game&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=aHBACAIrB~&jid=1364511724&gjid=1726768190&cid=331506914.1548187502&tid=UA-44592531-1&_gid=187691469.1548187502&_r=1&cd15=https%3A%2F%2Fresources.trendmicro.com%2Fdatacenter-attack.html&z=1877071253 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-44592531-1&cid=331506914.1548187502&jid=1364511724&_gid=187691469.1548187502&gjid=1726768190&_v=j72&z=1877071253 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-44592531-1&cid=331506914.1548187502&jid=1364511724&_v=j72&z=1877071253 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-44592531-1&cid=331506914.1548187502&jid=1364511724&_v=j72&z=1877071253&slf_rd=1&random=3192934332

Request Chain 174

https://analytics.trendmicro.com/cm?ci=90369712&st=1548187502312&vn1=4.22.118&ec=utf-8&vn2=e4.0&pi=Trend%20Micro%20Data%20Center%20Attack%20The%20Game&rf=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack.html%3Fcm_mmc%3DXGen-_-Corp-_-Email-_-NT%26mkt_tok%3DeyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9&ul=https%3A%2F%2Fresources.trendmicro.com%2Fdatacenter-attack.html&tid=6&cg=MARKETO%2F&rnd=1548195072541&pc=Y&jv=1.8.5&je=n&sw=1600&sh=1200&pd=24&tz=0&pv_a20=id%3A945-CXD-062%26token%3A_mch-trendmicro.com-1548187502169-17840 HTTP 302
https://analytics.trendmicro.com/cm?ci=90369712&st=1548187502312&vn1=4.22.118&ec=utf-8&vn2=e4.0&pi=Trend%20Micro%20Data%20Center%20Attack%20The%20Game&rf=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack.html%3Fcm_mmc%3DXGen-_-Corp-_-Email-_-NT%26mkt_tok%3DeyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9&ul=https%3A%2F%2Fresources.trendmicro.com%2Fdatacenter-attack.html&tid=6&cg=MARKETO%2F&rnd=1548195072541&pc=Y&jv=1.8.5&je=n&sw=1600&sh=1200&pd=24&tz=0&pv_a20=id%3A945-CXD-062%26token%3A_mch-trendmicro.com-1548187502169-17840&cvdone=p

Request Chain 176

https://5427711.fls.doubleclick.net/activityi;src=5427711;type=remar0;cat=allsi0;ord=1;num=9096336249506;gtm=2wg170;auiddc=2081214076.1548187502;u1=%2Fdatacenter-attack.html;~oref=https%3A%2F%2Fresources.trendmicro.com%2Fdatacenter-attack.html HTTP 302
https://5427711.fls.doubleclick.net/activityi;dc_pre=CMSfgfGXguACFQEq4AodasYM2w;src=5427711;type=remar0;cat=allsi0;ord=1;num=9096336249506;gtm=2wg170;auiddc=2081214076.1548187502;u1=%2Fdatacenter-attack.html;~oref=https%3A%2F%2Fresources.trendmicro.com%2Fdatacenter-attack.html

Request Chain 177

https://analytics.trendmicro.com/cm?tid=14&ci=90369712&vn2=e4.0&st=1548187502312&vn1=4.22.118&ec=utf-8&cid=MARKETO%20-%20Trend%20Micro%20Data%20Center%20Attack%20The%20Game&cat=1&ccid=MARKETO&cpt=0&pi=Trend%20Micro%20Data%20Center%20Attack%20The%20Game&rnd=1548194835038&c_a6=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack.html%3Fcm_mmc%3DXGen&c_a7=Corp&c_a8=Email&c_a9=NT%26mkt_tok%3DeyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9&c_a10=id%3A945-CXD-062%26token%3A_mch-trendmicro.com-1548187502169-17840&ul=https%3A%2F%2Fresources.trendmicro.com%2Fdatacenter-attack.html&rf=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack.html%3Fcm_mmc%3DXGen-_-Corp-_-Email-_-NT%26mkt_tok%3DeyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9 HTTP 302
https://analytics.trendmicro.com/cm?tid=14&ci=90369712&vn2=e4.0&st=1548187502312&vn1=4.22.118&ec=utf-8&cid=MARKETO%20-%20Trend%20Micro%20Data%20Center%20Attack%20The%20Game&cat=1&ccid=MARKETO&cpt=0&pi=Trend%20Micro%20Data%20Center%20Attack%20The%20Game&rnd=1548194835038&c_a6=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack.html%3Fcm_mmc%3DXGen&c_a7=Corp&c_a8=Email&c_a9=NT%26mkt_tok%3DeyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9&c_a10=id%3A945-CXD-062%26token%3A_mch-trendmicro.com-1548187502169-17840&ul=https%3A%2F%2Fresources.trendmicro.com%2Fdatacenter-attack.html&rf=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack.html%3Fcm_mmc%3DXGen-_-Corp-_-Email-_-NT%26mkt_tok%3DeyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9&cvdone=p

178 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Cookie set x0C0040p3IC8WQX0ZXCfSDn
visit.trendmicro.com/ 664 B
950 B 372ms
102ms Document
text/html 199.15.213.48
MARKETO

General

Check archive.org

Show headers Download Go to

Full URL

http://visit.trendmicro.com/x0C0040p3IC8WQX0ZXCfSDn

Protocol

HTTP/1.1

Server

199.15.213.48 San Mateo, United States, ASN53580 (MARKETO - MARKETO, Inc., US),

Reverse DNS

Software

Apache /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Host: visit.trendmicro.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 22 Jan 2019 20:04:53 GMT
Server: Apache
Cache-Control: private, no-cache, no-store, max-age=0
Connection: close
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked
Content-Type: text/html
Set-Cookie: BIGipServerab_mailtracking_80=!ZP4MQDG04BowqJm5yiPNdgcigIaMSWR0d10DfOs6B758lhvgz6DyPeqThlsc0u5Dv5OlovQ62VXsAy4=; path=/; Httponly

GET
H2

200

ransomware-attack.html Show response
www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/
Redirect Chain

http://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT...
https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFm...

70 KB
11 KB

1018ms
640ms

Document
text/html

92.123.8.62
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9

Requested by

Host: visit.trendmicro.com
URL: http://visit.trendmicro.com/x0C0040p3IC8WQX0ZXCfSDn

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.8.62 , France, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a92-123-8-62.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

7ceac8921699838299ca7bf8ab12322f1e4adf80d29da6f7bc9126a35a15eaa9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

:method: GET
:authority: www.trendmicro.com
:scheme: https
:path: /en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer: http://visit.trendmicro.com/x0C0040p3IC8WQX0ZXCfSDn
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: http://visit.trendmicro.com/x0C0040p3IC8WQX0ZXCfSDn

Response headers

status: 200
server: nginx
content-type: text/html; charset=UTF-8
x-prod-a-01: Yes
strict-transport-security: max-age=15552000; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1;mode=block
x-prod-n-02: Yes
content-encoding: gzip
content-length: 10908
vary: Accept-Encoding
date: Tue, 22 Jan 2019 20:04:54 GMT
set-cookie: trendMicroVisitorContextIsBusiness=true; path=/

Redirect headers

Server: AkamaiGHost
Content-Length: 0
Location: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
Date: Tue, 22 Jan 2019 20:04:53 GMT
Connection: keep-alive

GET
H2 200 jquery.min.js Show response
www.trendmicro.com/etc/clientlibs/granite/ 111 KB
38 KB 59ms
58ms Script
application/javascript 92.123.8.62
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trendmicro.com/etc/clientlibs/granite/jquery.min.js

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.8.62 , France, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a92-123-8-62.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

9f0173ed05fe8618c76272aaae6711ae0fa7ece07de8522cb6b0159d22b691f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

:path: /etc/clientlibs/granite/jquery.min.js
pragma: no-cache
cookie: trendMicroVisitorContextIsBusiness=true
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.trendmicro.com
referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
:scheme: https
:method: GET
Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: gzip
x-prod-a-01: Yes
status: 200
x-prod-n-01: Yes
content-length: 38305
x-xss-protection: 1;mode=block
last-modified: Tue, 22 Jan 2019 19:04:55 GMT
server: nginx
date: Tue, 22 Jan 2019 20:04:55 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
vary: Accept-Encoding
cache-control: max-age=44
etag: "1ba4e-58010a72511d1"
accept-ranges: bytes
x-content-type-options: nosniff
expires: Tue, 22 Jan 2019 20:05:39 GMT

GET
H2 200 utils.min.js Show response
www.trendmicro.com/etc/clientlibs/granite/ 9 KB
4 KB 26ms
25ms Script
application/javascript 92.123.8.62
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trendmicro.com/etc/clientlibs/granite/utils.min.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.8.62 , France, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a92-123-8-62.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

fcea66becd77485eb760a9a65e38d47319f69b724ae046f9b246842a1daa6c18

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

:path: /etc/clientlibs/granite/utils.min.js
pragma: no-cache
cookie: trendMicroVisitorContextIsBusiness=true
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.trendmicro.com
referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
:scheme: https
:method: GET
Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: gzip
x-prod-a-01: Yes
status: 200
x-prod-n-01: Yes
content-length: 3644
x-xss-protection: 1;mode=block
last-modified: Tue, 22 Jan 2019 18:54:17 GMT
server: nginx
date: Tue, 22 Jan 2019 20:04:55 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
vary: Accept-Encoding
cache-control: max-age=17
etag: "2547-580108114a9a6"
accept-ranges: bytes
x-content-type-options: nosniff
expires: Tue, 22 Jan 2019 20:05:12 GMT

GET
H2 200 css
fonts.googleapis.com/ 12 KB
914 B 18ms
16ms Stylesheet
text/css 2a00:1450:4001:820::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600

Requested by

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:820::200a , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

109352aa292b4d29fbe877243c2a4924f3f559f6cee4b3245e05cbb18798d082

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 22 Jan 2019 20:04:55 GMT
server: ESF
access-control-allow-origin: *
date: Tue, 22 Jan 2019 20:04:55 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection: 1; mode=block
expires: Tue, 22 Jan 2019 20:04:55 GMT

GET
H2 200 cludo-search.min.css
customer.cludo.com/css/296/1798/ 16 KB
3 KB 57ms
17ms Stylesheet
text/css 2606:4700:20::6818:4909
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://customer.cludo.com/css/296/1798/cludo-search.min.css
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2606:4700:20::6818:4909 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 676e66eeb5e721df2e68029d518067cece19d56d7e0b4a1c9a2e3c449a232bca

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 20:04:55 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 21 Jan 2019 15:11:19 GMT
server: cloudflare
etag: W/"1b551909bb1d41:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: max-age=300
cf-ray: 49d4a1e40b24c2c4-FRA
x-lb: 4

GET
H2 200 clientlibs.min.css
www.trendmicro.com/etc/designs/trendmicro/ 197 KB
31 KB 48ms
47ms Stylesheet
text/css 92.123.8.62
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trendmicro.com/etc/designs/trendmicro/clientlibs.min.css

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.8.62 , France, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a92-123-8-62.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

20eb4fda1ac2f303c06d61499c77af28192c8e69d3992275815ac711961bb069

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

:path: /etc/designs/trendmicro/clientlibs.min.css
pragma: no-cache
cookie: trendMicroVisitorContextIsBusiness=true
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: www.trendmicro.com
referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
:scheme: https
:method: GET
Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: gzip
x-prod-a-01: Yes
status: 200
x-prod-n-01: Yes
content-length: 31302
x-xss-protection: 1;mode=block
last-modified: Tue, 22 Jan 2019 18:54:03 GMT
server: nginx
date: Tue, 22 Jan 2019 20:04:55 GMT
x-frame-options: SAMEORIGIN
content-type: text/css
vary: Accept-Encoding
cache-control: max-age=298
etag: W/"314f4-580108045533d"
x-content-type-options: nosniff
expires: Tue, 22 Jan 2019 20:09:53 GMT

GET
H2 200 utag.sync.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 2 KB
1 KB 87ms
86ms Script
application/x-javascript 104.111.215.136
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.sync.js
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.136 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-215-136.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 2baa08835c774cfef304fcfec7e727ae1f4f604127361ebf63d687acd0e464a0

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 20:04:55 GMT
content-encoding: gzip
last-modified: Thu, 06 Dec 2018 17:29:16 GMT
server: Apache
etag: "43d63a1cb95fb71af54051f3872b293d:1544117356"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=300
accept-ranges: bytes
content-length: 861
expires: Tue, 22 Jan 2019 20:09:55 GMT

GET
H2 200 logo-desktop.png
www.trendmicro.com/content/dam/trendmicro/global/en/global/logo/ 13 KB
13 KB 26ms
25ms Image
image/png 92.123.8.62
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/global/logo/logo-desktop.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.8.62 , France, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a92-123-8-62.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

e071be5dfd0660da71a9572d8726495c1ff99ac18f2f3ced3325941c2ec9a39d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

:path: /content/dam/trendmicro/global/en/global/logo/logo-desktop.png
pragma: no-cache
cookie: trendMicroVisitorContextIsBusiness=true
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: www.trendmicro.com
referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
:scheme: https
:method: GET
Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-prod-a-01: Yes
status: 200
content-length: 13089
x-xss-protection: 1;mode=block
last-modified: Tue, 22 Jan 2019 18:52:28 GMT
server: nginx
date: Tue, 22 Jan 2019 20:04:55 GMT
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=577
etag: "3321-580107aa19f4e"
x-prod-n-02: Yes
accept-ranges: bytes
x-content-type-options: nosniff
expires: Tue, 22 Jan 2019 20:14:32 GMT

GET
H2 200 trend-micro-mobile.png
www.trendmicro.com/content/dam/trendmicro/global/en/global/logo/ 9 KB
9 KB 47ms
46ms Image
image/png 92.123.8.62
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/global/logo/trend-micro-mobile.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.8.62 , France, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a92-123-8-62.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

8457e29991fbaa2d3088abff6e330fb8f8aac4e1c8dd4051505af727e227773d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

:path: /content/dam/trendmicro/global/en/global/logo/trend-micro-mobile.png
pragma: no-cache
cookie: trendMicroVisitorContextIsBusiness=true
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: www.trendmicro.com
referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
:scheme: https
:method: GET
Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-prod-a-01: Yes
status: 200
content-length: 9045
x-xss-protection: 1;mode=block
last-modified: Tue, 22 Jan 2019 18:57:59 GMT
server: nginx
date: Tue, 22 Jan 2019 20:04:55 GMT
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=322
etag: "2355-580108e5cef32"
x-prod-n-02: Yes
accept-ranges: bytes
x-content-type-options: nosniff
expires: Tue, 22 Jan 2019 20:10:17 GMT

GET
H2 200 search-script.min.js Show response
customer.cludo.com/scripts/bundles/ 119 KB
27 KB 33ms
28ms Script
application/javascript 2606:4700:20::6818:4909
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://customer.cludo.com/scripts/bundles/search-script.min.js
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2606:4700:20::6818:4909 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: bf950200afb5df99129af3adbbb63d211605eacbdc102608fa3c1b51ffd494e1

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 20:04:55 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Sat, 19 Jan 2019 10:23:13 GMT
server: cloudflare
etag: W/"432331fce0afd41:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=300
cf-ray: 49d4a1e40b26c2c4-FRA
x-lb: 4

GET
H2 200 search_box_icon.png
www.google.com/uds/css/v2/ 1018 B
1 KB 18ms
16ms Image
image/png 2a00:1450:4001:824::2004
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/uds/css/v2/search_box_icon.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:824::2004 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

GSE /

Resource Hash

76a0d76f135419f4d00213037cda0cba949a0372e01ab6a1d70072008a56bd18

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 20:04:55 GMT
x-content-type-options: nosniff
last-modified: Thu, 25 Oct 2018 20:52:53 GMT
server: GSE
age: 0
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: public, max-age=0
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 1018
x-xss-protection: 1; mode=block
expires: Tue, 22 Jan 2019 20:04:55 GMT

GET
H2 200 clientlibs.min.js Show response
www.trendmicro.com/etc/designs/trendmicro/ 302 KB
90 KB 34ms
33ms Script
application/javascript 92.123.8.62
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trendmicro.com/etc/designs/trendmicro/clientlibs.min.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.8.62 , France, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a92-123-8-62.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

c18b99dec861a9ffee7f0eeefc356942587a856155f8bc7f53f14a8411c302bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

:path: /etc/designs/trendmicro/clientlibs.min.js
pragma: no-cache
cookie: trendMicroVisitorContextIsBusiness=true
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.trendmicro.com
referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
:scheme: https
:method: GET
Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: gzip
x-prod-a-01: Yes
status: 200
x-xss-protection: 1;mode=block
last-modified: Tue, 22 Jan 2019 19:00:14 GMT
server: nginx
x-frame-options: SAMEORIGIN
date: Tue, 22 Jan 2019 20:04:55 GMT
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=174
etag: "4b9aa-58010965ef2d0"
x-prod-n-02: Yes
accept-ranges: bytes
x-content-type-options: nosniff
expires: Tue, 22 Jan 2019 20:07:49 GMT

GET
H2 200 sly.min.js Show response
www.trendmicro.com/content/dam/trendmicro/global/core-library/ 18 KB
7 KB 531ms
531ms Script
application/javascript 92.123.8.62
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/core-library/sly.min.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.8.62 , France, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a92-123-8-62.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

e8dc09e4ddc3c326ef6341498e7e8e70af3a848713429b909be53c947b43da10

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

:path: /content/dam/trendmicro/global/core-library/sly.min.js
pragma: no-cache
cookie: trendMicroVisitorContextIsBusiness=true
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.trendmicro.com
referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
:scheme: https
:method: GET
Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: gzip
x-prod-a-01: Yes
status: 200
content-length: 7185
x-xss-protection: 1;mode=block
last-modified: Tue, 22 Jan 2019 19:10:08 GMT
server: nginx
x-frame-options: SAMEORIGIN
date: Tue, 22 Jan 2019 20:04:55 GMT
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=308
etag: "48de-58010b9c72d0a"
x-prod-n-02: Yes
accept-ranges: bytes
x-content-type-options: nosniff
expires: Tue, 22 Jan 2019 20:10:03 GMT

GET
H2 200 jwplayer.js Show response
www.trendmicro.com/content/dam/trendmicro/global/core-library/ 81 KB
26 KB 410ms
408ms Script
application/javascript 92.123.8.62
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/core-library/jwplayer.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.8.62 , France, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a92-123-8-62.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

3dc5d7f667c6a793c6a56b96afffa81664350fdb10c7544112ea9057e563dc6f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

:path: /content/dam/trendmicro/global/core-library/jwplayer.js
pragma: no-cache
cookie: trendMicroVisitorContextIsBusiness=true
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.trendmicro.com
referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
:scheme: https
:method: GET
Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: gzip
x-prod-a-01: Yes
status: 200
content-length: 26353
x-xss-protection: 1;mode=block
last-modified: Tue, 22 Jan 2019 19:02:36 GMT
server: nginx
x-frame-options: SAMEORIGIN
date: Tue, 22 Jan 2019 20:04:55 GMT
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=380
etag: "1457a-580109ede9e93"
x-prod-n-02: Yes
accept-ranges: bytes
x-content-type-options: nosniff
expires: Tue, 22 Jan 2019 20:11:15 GMT

GET
H2 200 iframe_api Show response
www.youtube.com/ 859 B
923 B 27ms
25ms Script
application/javascript 2a00:1450:4001:821::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/iframe_api

Requested by

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:821::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

YouTube Frontend Proxy /

Resource Hash

9d15d6be9c463e262a90401362a498e9142ee8579fe021614d89c8640c078105

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block; report=https://www.google.com/appserve/security-bugs/log/youtube

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 20:04:55 GMT
x-content-type-options: nosniff
server: YouTube Frontend Proxy
content-type: application/javascript
status: 200
cache-control: no-cache
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 859
x-xss-protection: 1; mode=block; report=https://www.google.com/appserve/security-bugs/log/youtube
expires: Tue, 27 Apr 1971 19:44:06 EST

GET
H2 200 j.php Show response
dev.visualwebsiteoptimizer.com/ 3 KB
1 KB 45ms
7ms Script
application/javascript 159.122.87.148
SoftLayer Technol...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/j.php?a=215154&u=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack.html%3Fcm_mmc%3DXGen-_-Corp-_-Email-_-NT%26mkt_tok%3DeyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9&r=0.8438601478859695
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.sync.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 159.122.87.148 Frankfurt, Germany, ASN36351 (SOFTLAYER - SoftLayer Technologies Inc., US),
Reverse DNS: 94.57.7a9f.ip4.static.sl-reverse.com
Software: fra1dacdn /
Resource Hash: 9e5111182442693eb54fc6b9c3f42fcf6a29b8b6f13c9f216dbccad9e2682f7b

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status: 200
date: Tue, 22 Jan 2019 20:04:54 GMT
content-encoding: gzip
server: fra1dacdn
content-type: application/javascript; charset=UTF-8

GET
H2 200 utag.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 56 KB
15 KB 82ms
82ms Script
application/x-javascript 104.111.215.136
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.136 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-215-136.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 30cf55b9a533a5adf988d6aa18f8bbc82058d3d4a2f866f9b04db8ebbbc2ab1c

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 20:04:55 GMT
content-encoding: gzip
last-modified: Thu, 06 Dec 2018 17:29:15 GMT
server: Apache
etag: "79b5860dbe09e7858ad7efbc82b4699b:1544117355"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=300
accept-ranges: bytes
content-length: 15201
expires: Tue, 22 Jan 2019 20:09:55 GMT

GET
H2 200 mem5YaGs126MiZpBA-UNirkOUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v15/ 9 KB
9 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:825::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v15/mem5YaGs126MiZpBA-UNirkOUuhpKKSTjw.woff2

Requested by

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:825::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

50dda9aac0fcea362bdda27ae7833240485ad5a20ccc105c1cd13ea26802a8bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600
Origin: https://www.trendmicro.com

Response headers

date: Fri, 21 Dec 2018 06:07:41 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Oct 2017 21:49:48 GMT
server: sffe
age: 2815034
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 8916
x-xss-protection: 1; mode=block
expires: Sat, 21 Dec 2019 06:07:41 GMT

GET
H2 200 icomoon.ttf
www.trendmicro.com/etc/designs/trendmicro/clientlibs/fonts/ 17 KB
17 KB 512ms
511ms Font
application/font-sfnt 92.123.8.62
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trendmicro.com/etc/designs/trendmicro/clientlibs/fonts/icomoon.ttf

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.8.62 , France, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a92-123-8-62.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

6a98155efc9187c6d9ac10ed521bea2ed65d7e44df87b8267f6c07b64dd3b8b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

:path: /etc/designs/trendmicro/clientlibs/fonts/icomoon.ttf
pragma: no-cache
cookie: trendMicroVisitorContextIsBusiness=true
origin: https://www.trendmicro.com
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.trendmicro.com
referer: https://www.trendmicro.com/etc/designs/trendmicro/clientlibs.min.css
:scheme: https
:method: GET
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.trendmicro.com/etc/designs/trendmicro/clientlibs.min.css
Origin: https://www.trendmicro.com

Response headers

strict-transport-security: max-age=15552000; preload
x-prod-a-01: Yes
last-modified: Tue, 22 Jan 2019 18:52:10 GMT
server: nginx
etag: "4490-580107991d8b5"
x-frame-options: SAMEORIGIN
content-type: application/font-sfnt
status: 200
date: Tue, 22 Jan 2019 20:04:55 GMT
x-content-type-options: nosniff
accept-ranges: bytes
x-prod-n-01: Yes
content-length: 17552
x-xss-protection: 1;mode=block

GET
H2 200 mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
fonts.gstatic.com/s/opensans/v15/ 9 KB
9 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:825::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v15/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2

Requested by

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:825::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

8868d2a2f803ea6802d54a11564b5b96c7d8be56117a328c8f605539d6dee167

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600
Origin: https://www.trendmicro.com

Response headers

date: Tue, 22 Jan 2019 09:40:34 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Oct 2017 21:49:46 GMT
server: sffe
age: 37461
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 8892
x-xss-protection: 1; mode=block
expires: Wed, 22 Jan 2020 09:40:34 GMT

GET
H2 200 va-3d21b22b243806407666de89d24a2e04.js Show response
dev.visualwebsiteoptimizer.com/5.0/ 164 KB
55 KB 38ms
7ms Script
text/javascript 159.122.87.153
SoftLayer Technol...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/5.0/va-3d21b22b243806407666de89d24a2e04.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/j.php?a=215154&u=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack.html%3Fcm_mmc%3DXGen-_-Corp-_-Email-_-NT%26mkt_tok%3DeyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9&r=0.8438601478859695
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 159.122.87.153 Frankfurt, Germany, ASN36351 (SOFTLAYER - SoftLayer Technologies Inc., US),
Reverse DNS: 99.57.7a9f.ip4.static.sl-reverse.com
Software: dacdn2 /
Resource Hash: 4b6ae1ffe9e6c6c48f898cc2e6cfd5aaa0e9e96c9ab8b83efa34a683ecbcf252

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
Origin: https://www.trendmicro.com

Response headers

date: Tue, 22 Jan 2019 20:04:54 GMT
content-encoding: gzip
last-modified: Thu, 17 Jan 2019 09:12:30 GMT
server: dacdn2
access-control-allow-origin: *
etag: "5c4046fe-da65"
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 55909

GET
H2 200 track-3d21b22b243806407666de89d24a2e04.js Show response
dev.visualwebsiteoptimizer.com/5.0/ 17 KB
6 KB 51ms
21ms Script
text/javascript 159.122.87.153
SoftLayer Technol...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/5.0/track-3d21b22b243806407666de89d24a2e04.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/j.php?a=215154&u=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack.html%3Fcm_mmc%3DXGen-_-Corp-_-Email-_-NT%26mkt_tok%3DeyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9&r=0.8438601478859695
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 159.122.87.153 Frankfurt, Germany, ASN36351 (SOFTLAYER - SoftLayer Technologies Inc., US),
Reverse DNS: 99.57.7a9f.ip4.static.sl-reverse.com
Software: dacdn2 /
Resource Hash: d12571fb058caba3e2478b76fc95d3f65741995d085ef27e29434b6e6d67791c

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
Origin: https://www.trendmicro.com

Response headers

date: Tue, 22 Jan 2019 20:04:54 GMT
content-encoding: gzip
last-modified: Thu, 17 Jan 2019 09:12:30 GMT
server: dacdn2
access-control-allow-origin: *
etag: "5c4046fe-15b9"
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 5561

GET
H2 200 opa-223743be8b39a88528aec7917bf9d592.js Show response
dev.visualwebsiteoptimizer.com/analysis/2.0/ 149 KB
48 KB 51ms
20ms Script
application/javascript 159.122.87.153
SoftLayer Technol...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/analysis/2.0/opa-223743be8b39a88528aec7917bf9d592.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/j.php?a=215154&u=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack.html%3Fcm_mmc%3DXGen-_-Corp-_-Email-_-NT%26mkt_tok%3DeyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9&r=0.8438601478859695
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 159.122.87.153 Frankfurt, Germany, ASN36351 (SOFTLAYER - SoftLayer Technologies Inc., US),
Reverse DNS: 99.57.7a9f.ip4.static.sl-reverse.com
Software: dacdn2 /
Resource Hash: e377c975d12c4ac249780470793574edc9f110b4fc380089393147cd12679419

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
Origin: https://www.trendmicro.com

Response headers

date: Tue, 22 Jan 2019 20:04:54 GMT
content-encoding: gzip
last-modified: Mon, 14 Jan 2019 09:06:55 GMT
server: dacdn2
access-control-allow-origin: *
etag: W/"5c3c512f-2555e"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
status: 200
cache-control: public, max-age=604800

GET
H2 200 v.gif
dev.visualwebsiteoptimizer.com/ 35 B
238 B 8ms
7ms Image
image/gif 159.122.87.148
SoftLayer Technol...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/v.gif?a=215154&d=trendmicro.com&u=DA520A8669A562FA3635357166BC7EDB6&h=b33d69c89303e94c554f1435b79704ce&t=false&r=0.433367807313364

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

159.122.87.148 Frankfurt, Germany, ASN36351 (SOFTLAYER - SoftLayer Technologies Inc., US),

Reverse DNS

94.57.7a9f.ip4.static.sl-reverse.com

Software

fra1dacdn /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 22 Jan 2019 20:04:54 GMT
x-content-type-options: nosniff
server: fra1dacdn
content-type: image/gif
status: 200
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-length: 35
expires: Mon, 10 Jan 2005 00:00:01 GMT

GET
H2 200 dade3edf-02a3-4844-947e-95175f24faef-3.woff
www.trendmicro.com/etc/designs/trendmicro/clientlibs/fonts/InterstateExtraLight/ 37 KB
38 KB 26ms
25ms Font
application/font-woff 92.123.8.62
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trendmicro.com/etc/designs/trendmicro/clientlibs/fonts/InterstateExtraLight/dade3edf-02a3-4844-947e-95175f24faef-3.woff

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.8.62 , France, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a92-123-8-62.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

d5f14381258973e1a93167d8b3486ae1b2665ea072feb622e1ec0a446facc400

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

:path: /etc/designs/trendmicro/clientlibs/fonts/InterstateExtraLight/dade3edf-02a3-4844-947e-95175f24faef-3.woff
pragma: no-cache
cookie: trendMicroVisitorContextIsBusiness=true; _vwo_uuid_v2=DA520A8669A562FA3635357166BC7EDB6|b33d69c89303e94c554f1435b79704ce
origin: https://www.trendmicro.com
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.trendmicro.com
referer: https://www.trendmicro.com/etc/designs/trendmicro/clientlibs.min.css
:scheme: https
:method: GET
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.trendmicro.com/etc/designs/trendmicro/clientlibs.min.css
Origin: https://www.trendmicro.com

Response headers

strict-transport-security: max-age=15552000; preload
x-prod-a-01: Yes
last-modified: Tue, 22 Jan 2019 18:52:19 GMT
server: nginx
etag: "95a9-580107a1a13e5"
x-frame-options: SAMEORIGIN
content-type: application/font-woff
status: 200
date: Tue, 22 Jan 2019 20:04:55 GMT
x-content-type-options: nosniff
accept-ranges: bytes
x-prod-n-01: Yes
content-length: 38313
x-xss-protection: 1;mode=block

GET
H2 200 mem5YaGs126MiZpBA-UN_r8OUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v15/ 9 KB
9 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:825::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v15/mem5YaGs126MiZpBA-UN_r8OUuhpKKSTjw.woff2

Requested by

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:825::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

35a21333c81302e934ee42b7b85b2c6a731bfffb418fe52fe795cb1974186976

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600
Origin: https://www.trendmicro.com

Response headers

date: Thu, 20 Dec 2018 21:50:31 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Oct 2017 21:49:38 GMT
server: sffe
age: 2844864
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 8732
x-xss-protection: 1; mode=block
expires: Fri, 20 Dec 2019 21:50:31 GMT

GET
H2 200 utag.69.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 2 KB
1 KB 21ms
20ms Script
application/x-javascript 104.111.215.136
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.69.js?utv=ut4.42.201610132134
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.136 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-215-136.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: e77bdb0ba7dd329aaa6c33250e5ce3cc287f47a04de1f6006ecf43202769df0d

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 20:04:55 GMT
content-encoding: gzip
last-modified: Sun, 05 Feb 2017 18:14:03 GMT
server: Apache
etag: "96165357acc3d7253ab0fc2f07c66ff9:1486318443"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 1007
expires: Wed, 06 Feb 2019 20:04:55 GMT

GET
H2 200 utag.64.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 2 KB
1 KB 22ms
21ms Script
application/x-javascript 104.111.215.136
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.64.js?utv=ut4.42.201703212110
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.136 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-215-136.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: bd01aae945e384b6277cb6eb92c68de34738c7185cc52fe2aa03301f736997c9

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 20:04:55 GMT
content-encoding: gzip
last-modified: Sun, 05 Feb 2017 18:14:02 GMT
server: Apache
etag: "3ad4560603173372f8b8f74cd58b7e50:1486318442"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 943
expires: Wed, 06 Feb 2019 20:04:55 GMT

GET
H2 200 dict.en_us.json Show response
www.trendmicro.com/libs/cq/i18n/ 13 KB
13 KB 145ms
145ms XHR
application/json 92.123.8.62
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trendmicro.com/libs/cq/i18n/dict.en_us.json

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc/clientlibs/granite/jquery.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.8.62 , France, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a92-123-8-62.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

b363a5e94f358d696bf22519c6a1b9fa328411858c2c787f9d12355471dc2e66

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

:path: /libs/cq/i18n/dict.en_us.json
pragma: no-cache
cookie: trendMicroVisitorContextIsBusiness=true; _vwo_uuid_v2=DA520A8669A562FA3635357166BC7EDB6|b33d69c89303e94c554f1435b79704ce; utag_main=v_id:0168772a6b3f0075da17b3da695400078016907000b08$_sn:1$_ss:1$_st:1548189295233$ses_id:1548187495233%3Bexp-session$_pn:1%3Bexp-session
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: application/json, text/javascript, */*; q=0.01
cache-control: no-cache
:authority: www.trendmicro.com
x-requested-with: XMLHttpRequest
:scheme: https
referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
:method: GET
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-prod-a-01: Yes
server: nginx
etag: "c587034623cb0c7e70b834d1821205ef"
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
status: 200
cache-control: public, max-age=529
date: Tue, 22 Jan 2019 20:04:55 GMT
x-content-type-options: nosniff
x-prod-n-01: Yes
content-length: 13294
x-xss-protection: 1;mode=block

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 114 KB
32 KB 16ms
15ms Script
application/javascript 2a00:1450:4001:808::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TXGNM2&l=dataLayer

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:808::2008 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager (scaffolding) /

Resource Hash

9646077bb23fab97390acdb6e3e7388d7bb8cee5a477dfe470600c5c16e2ae68

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 20:04:55 GMT
content-encoding: gzip
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
server: Google Tag Manager (scaffolding)
access-control-allow-origin: http://www.googletagmanager.com
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
status: 200
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-length: 32442
x-xss-protection: 1; mode=block
expires: Tue, 22 Jan 2019 20:04:55 GMT

GET
H/1.1 200
OK TU3LW-WPX5W-YK52N-GNWRK-Z5B9X Show response
c.go-mpulse.net/boomerang/ Frame A240 187 KB
55 KB 97ms
32ms Script
application/javascript 23.60.198.210
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://c.go-mpulse.net/boomerang/TU3LW-WPX5W-YK52N-GNWRK-Z5B9X
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.64.js?utv=ut4.42.201703212110
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.60.198.210 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a23-60-198-210.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e0b8436d50fb200de76d7a25cf450ea238cd100197f8e9d462e9228153da873f

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 22 Jan 2019 20:04:55 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/javascript;charset=UTF-8
Cache-Control: max-age=604800, s-maxage=604800
Transfer-Encoding: chunked
Connection: keep-alive, Transfer-Encoding
Timing-Allow-Origin: *

GET
H2

200

activityi;dc_pre=CLbe3-2XguACFQkO4AodrMgNcw;src=5427711;type=remar0;cat=allsi0;ord=1;num=2414335706615;gtm=2wg170;auiddc=573348409.1548187496;u1=%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fre...
5427711.fls.doubleclick.net/ Frame 50F6
Redirect Chain

https://5427711.fls.doubleclick.net/activityi;src=5427711;type=remar0;cat=allsi0;ord=1;num=2414335706615;gtm=2wg170;auiddc=573348409.1548187496;u1=%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2F...
https://5427711.fls.doubleclick.net/activityi;dc_pre=CLbe3-2XguACFQkO4AodrMgNcw;src=5427711;type=remar0;cat=allsi0;ord=1;num=2414335706615;gtm=2wg170;auiddc=573348409.1548187496;u1=%2Fen_us%2Fbusin...

0
0

43ms
43ms

Document
text/html

172.217.16.166
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://5427711.fls.doubleclick.net/activityi;dc_pre=CLbe3-2XguACFQkO4AodrMgNcw;src=5427711;type=remar0;cat=allsi0;ord=1;num=2414335706615;gtm=2wg170;auiddc=573348409.1548187496;u1=%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack.html;~oref=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack.html%3Fcm_mmc%3DXGen-_-Corp-_-Email-_-NT%26mkt_tok%3DeyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TXGNM2&l=dataLayer

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

172.217.16.166 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s11-in-f166.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: 5427711.fls.doubleclick.net
:scheme: https
:path: /activityi;dc_pre=CLbe3-2XguACFQkO4AodrMgNcw;src=5427711;type=remar0;cat=allsi0;ord=1;num=2414335706615;gtm=2wg170;auiddc=573348409.1548187496;u1=%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack.html;~oref=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack.html%3Fcm_mmc%3DXGen-_-Corp-_-Email-_-NT%26mkt_tok%3DeyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9?
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
accept-encoding: gzip, deflate, br
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
date: Tue, 22 Jan 2019 20:04:55 GMT
expires: Tue, 22 Jan 2019 20:04:55 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 611
x-xss-protection: 1; mode=block
set-cookie: IDE=AHWqTUkmRol1rsA4MMnNMCL-eWLJfr8nCncqVX0IY_WvuPk5hxbVp3VRAJhPfQ-u; expires=Sun, 16-Feb-2020 20:04:55 GMT; path=/; domain=.doubleclick.net; HttpOnly test_cookie=; domain=.doubleclick.net; path=/; expires=Mon, 21 Jul 2008 23:59:00 GMT
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"

Redirect headers

status: 302
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
date: Tue, 22 Jan 2019 20:04:55 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://5427711.fls.doubleclick.net/activityi;dc_pre=CLbe3-2XguACFQkO4AodrMgNcw;src=5427711;type=remar0;cat=allsi0;ord=1;num=2414335706615;gtm=2wg170;auiddc=573348409.1548187496;u1=%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack.html;~oref=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack.html%3Fcm_mmc%3DXGen-_-Corp-_-Email-_-NT%26mkt_tok%3DeyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 1; mode=block
set-cookie: test_cookie=CheckForPermission; expires=Tue, 22-Jan-2019 20:19:55 GMT; path=/; domain=.doubleclick.net
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"

GET
H2 200 worker-68f4c079a93008e8e04f81f6476e5cc4.js Show response
dev.visualwebsiteoptimizer.com/analysis/ 46 KB
15 KB 15ms
15ms XHR
application/javascript 159.122.87.153
SoftLayer Technol...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/analysis/worker-68f4c079a93008e8e04f81f6476e5cc4.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/analysis/2.0/opa-223743be8b39a88528aec7917bf9d592.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 159.122.87.153 Frankfurt, Germany, ASN36351 (SOFTLAYER - SoftLayer Technologies Inc., US),
Reverse DNS: 99.57.7a9f.ip4.static.sl-reverse.com
Software: dacdn2 /
Resource Hash: d11075cd7df2682b221d194573250d4aed0a6a4e3a151acf41d1b14053495b85

Request headers

Accept: text/plain, */*; q=0.01
Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
Origin: https://www.trendmicro.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 20:04:54 GMT
content-encoding: gzip
last-modified: Wed, 04 Oct 2017 11:57:29 GMT
server: dacdn2
status: 200
etag: W/"59d4cca9-b83e"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=604800, public, max-age=604800

GET
H2 200 www-widgetapi.js Show response
s.ytimg.com/yts/jsbin/www-widgetapi-vflHdGmps/ 20 KB
8 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:816::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://s.ytimg.com/yts/jsbin/www-widgetapi-vflHdGmps/www-widgetapi.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/iframe_api

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:816::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

27a9d5da522a9269ce5317f99cc458e95bcf4b13acb90fa0d6ee43910553f880

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 17:30:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 9267
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39"
content-length: 7729
x-xss-protection: 1; mode=block
last-modified: Tue, 22 Jan 2019 14:47:08 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=691200
accept-ranges: bytes
timing-allow-origin: https://www.youtube.com
expires: Wed, 30 Jan 2019 17:30:28 GMT

GET
H2 200 utag.78.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 11 KB
4 KB 67ms
67ms Script
application/x-javascript 104.111.215.136
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.78.js?utv=ut4.42.201610111459
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.136 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-215-136.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 90b57e4b0d50489462d79fa75ca1b97d1b6c29868a0c47dd57be9671f483bec5

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 20:04:55 GMT
content-encoding: gzip
last-modified: Sun, 05 Feb 2017 18:14:00 GMT
server: Apache
etag: "7a3eca7ca8caa73bfc5f6c8764487222:1486318440"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 3653
expires: Wed, 06 Feb 2019 20:04:55 GMT

GET
H2 200 utag.1.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 12 KB
3 KB 77ms
76ms Script
application/x-javascript 104.111.215.136
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.1.js?utv=ut4.42.201710302123
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.136 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-215-136.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: d2ee007d1431469e1abdaa636844eb993634b88895e9c5266430e779f7d3b52c

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 20:04:55 GMT
content-encoding: gzip
last-modified: Wed, 07 Jun 2017 12:00:13 GMT
server: Apache
etag: "69e734a41a87e6c0de511bed5ae76fe3:1496836813"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 3347
expires: Wed, 06 Feb 2019 20:04:55 GMT

GET
H2 200 utag.100.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 4 KB
2 KB 90ms
89ms Script
application/x-javascript 104.111.215.136
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.100.js?utv=ut4.42.201709111853
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.136 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-215-136.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 4fd08c67f3d0e5cf8e5652ac09cf46e1c22a7413baffe8966fa4a552119304dd

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 20:04:55 GMT
content-encoding: gzip
last-modified: Mon, 11 Sep 2017 18:54:04 GMT
server: Apache
etag: "571e300b76264f3571332f49c585dd04:1505156044"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 1746
expires: Wed, 06 Feb 2019 20:04:55 GMT

GET
H2 200 utag.9.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 3 KB
2 KB 77ms
77ms Script
application/x-javascript 104.111.215.136
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.9.js?utv=ut4.42.201510262117
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.136 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-215-136.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 693439cfa75855b1a00577f9244f66d2e01ac543deeb91d0d98157b748db5960

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 20:04:55 GMT
content-encoding: gzip
last-modified: Sun, 05 Feb 2017 18:14:03 GMT
server: Apache
etag: "f141429058c28ecde69fa4e1097f5918:1486318443"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 1385
expires: Wed, 06 Feb 2019 20:04:55 GMT

GET
H2 200 utag.18.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 2 KB
1 KB 89ms
89ms Script
application/x-javascript 104.111.215.136
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.18.js?utv=ut4.42.201510262117
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.136 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-215-136.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 179bace0273000f2f62b6195b3d04bd903c864344f23318a3a92a41e06628b1b

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 20:04:55 GMT
content-encoding: gzip
last-modified: Sun, 05 Feb 2017 18:14:01 GMT
server: Apache
etag: "15598bba639efba2403d00ec82947e93:1486318441"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 1024
expires: Wed, 06 Feb 2019 20:04:55 GMT

GET
H2 200 utag.22.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 2 KB
1 KB 92ms
92ms Script
application/x-javascript 104.111.215.136
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.22.js?utv=ut4.42.201510262117
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.136 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-215-136.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 1c0c3ded4bc24bbeaf3c728afd0e56ca95e44714285fca8d8f0edcaa471806c4

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 20:04:55 GMT
content-encoding: gzip
last-modified: Sun, 05 Feb 2017 18:14:00 GMT
server: Apache
etag: "bd58d1fcdbd29988cdaf2f96d9322e68:1486318440"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 1229
expires: Wed, 06 Feb 2019 20:04:55 GMT

GET
H2 200 utag.81.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 23 KB
6 KB 100ms
100ms Script
application/x-javascript 104.111.215.136
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.81.js?utv=ut4.42.201710302123
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.136 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-215-136.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 1063ac942e93231a11a3ced6a6a4438e33d504b52c581ed12ee5f36c263fa6aa

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 20:04:55 GMT
content-encoding: gzip
last-modified: Mon, 07 Aug 2017 19:51:01 GMT
server: Apache
etag: "289f96ed1e14ae55e71d3668b7a8d83b:1502135461"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 5633
expires: Wed, 06 Feb 2019 20:04:55 GMT

GET
H2 200 utag.29.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 4 KB
2 KB 123ms
122ms Script
application/x-javascript 104.111.215.136
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.29.js?utv=ut4.42.201510262117
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.136 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-215-136.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 4e87d403169e5c9f9c706b28ff3c4c9fd9f30d3a4fd6c5e10298a0f56b0f3120

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 20:04:55 GMT
content-encoding: gzip
last-modified: Sun, 05 Feb 2017 18:14:02 GMT
server: Apache
etag: "7b0575b394704ec7f76bef0f68cfc059:1486318442"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 1706
expires: Wed, 06 Feb 2019 20:04:55 GMT

GET
H2 200 utag.43.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 2 KB
1 KB 88ms
88ms Script
application/x-javascript 104.111.215.136
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.43.js?utv=ut4.42.201510262117
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.136 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-215-136.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: c8e456c702931234478001bef4424a5063d46be7b65fc032ba05eba7186e08c0

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 20:04:55 GMT
content-encoding: gzip
last-modified: Sun, 05 Feb 2017 18:14:04 GMT
server: Apache
etag: "d25bbf3981a87a9c659c1c90890e67ae:1486318444"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 924
expires: Wed, 06 Feb 2019 20:04:55 GMT

GET
H2 200 utag.75.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 3 KB
2 KB 89ms
81ms Script
application/x-javascript 104.111.215.136
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.75.js?utv=ut4.42.201608171750
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.136 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-215-136.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 11e4bbc1b693180f808f5cf7efd686a3ce9fc7585dc1806185f7084424162173

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 20:04:55 GMT
content-encoding: gzip
last-modified: Sun, 05 Feb 2017 18:14:03 GMT
server: Apache
etag: "afbbd577745f63042227302506a07e1a:1486318443"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 1454
expires: Wed, 06 Feb 2019 20:04:55 GMT

GET
H2 200 utag.79.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 1 KB
986 B 104ms
101ms Script
application/x-javascript 104.111.215.136
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.79.js?utv=ut4.42.201702040059
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.136 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-215-136.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 9f4977b5ac461125e14cd79eab7048e5586012360f5f449b4bb052b06fee031e

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 20:04:55 GMT
content-encoding: gzip
last-modified: Sun, 05 Feb 2017 18:14:00 GMT
server: Apache
etag: "743297d024c23cf23bb1280675cf253f:1486318440"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 769
expires: Wed, 06 Feb 2019 20:04:55 GMT

GET
H2 200 utag.115.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 10 KB
3 KB 138ms
135ms Script
application/x-javascript 104.111.215.136
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.115.js?utv=ut4.42.201807241753
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.136 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-215-136.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 578459f8ab219b96f7c3d3d0799841ae14894b07b2a2db5c8a518acb4b52b429

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 20:04:55 GMT
content-encoding: gzip
last-modified: Tue, 24 Jul 2018 17:54:10 GMT
server: Apache
etag: "506cc61aaf3a606826e06df844659b94:1532454850"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 3246
expires: Wed, 06 Feb 2019 20:04:55 GMT

GET
H2 200 utag.89.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 730 B
693 B 86ms
85ms Script
application/x-javascript 104.111.215.136
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.89.js?utv=ut4.42.201705092005
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.136 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-215-136.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: e57d7aa2aa173860f1ae7b0b56e8eb3bbe8e1fc20f857c6579d972cda7164e1b

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 20:04:55 GMT
content-encoding: gzip
last-modified: Tue, 09 May 2017 20:05:45 GMT
server: Apache
etag: "2d31d4ef6b1e3d47ab14a0e50a32a692:1494360345"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 476
expires: Wed, 06 Feb 2019 20:04:55 GMT

GET
H2 200 utag.92.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 3 KB
2 KB 90ms
89ms Script
application/x-javascript 104.111.215.136
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.92.js?utv=ut4.42.201707172017
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.136 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-215-136.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: d474c1bfd9f15eab91498e377767f2b7288db456abb6b29ec50c4e038833eba9

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 20:04:55 GMT
content-encoding: gzip
last-modified: Mon, 17 Jul 2017 20:17:18 GMT
server: Apache
etag: "7897983abd6ea6f65c3a5e8ef8d934a8:1500322638"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 1613
expires: Wed, 06 Feb 2019 20:04:55 GMT

GET
H2 200 utag.99.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 10 KB
3 KB 126ms
125ms Script
application/x-javascript 104.111.215.136
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.99.js?utv=ut4.42.201709111706
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.136 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-215-136.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 9a22870bf0d1855d608ce843bbe9cb3b10fb56a0f5c26c3fee2be6ce34d57359

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 20:04:55 GMT
content-encoding: gzip
last-modified: Mon, 11 Sep 2017 17:06:56 GMT
server: Apache
etag: "3809b060b34e9730f1dec6dc2422caae:1505149616"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 2502
expires: Wed, 06 Feb 2019 20:04:55 GMT

GET
H2 200 utag.114.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 4 KB
2 KB 106ms
105ms Script
application/x-javascript 104.111.215.136
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.114.js?utv=ut4.42.201807111711
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.136 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-215-136.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 3902f7216a3560fb1463c20c27c0f3b0e4d97035978c61b92a7b1294954b47f9

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 20:04:55 GMT
content-encoding: gzip
last-modified: Wed, 11 Jul 2018 17:11:36 GMT
server: Apache
etag: "153ad8ad8a2416f8c04c801a92476655:1531329096"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 1662
expires: Wed, 06 Feb 2019 20:04:55 GMT

GET
H2 200 utag.117.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 2 KB
1 KB 105ms
105ms Script
application/x-javascript 104.111.215.136
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.117.js?utv=ut4.42.201810152028
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.136 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-215-136.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 5531265ecdebe91ac3fdfd4841c1d32fd4bd9694507d6448fce0ad21a3faa137

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 20:04:55 GMT
content-encoding: gzip
last-modified: Mon, 15 Oct 2018 20:28:28 GMT
server: Apache
etag: "710195e0ca7c52bf6db852c203f53c4e:1539635308"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 974
expires: Wed, 06 Feb 2019 20:04:55 GMT

GET
H2 204 ransomware-attack.disruptor.html Show response
www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ 0
195 B 453ms
452ms XHR
text/html 92.123.8.62
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.disruptor.html

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc/designs/trendmicro/clientlibs.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.8.62 , France, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a92-123-8-62.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

:path: /en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.disruptor.html
pragma: no-cache
cookie: trendMicroVisitorContextIsBusiness=true; _vwo_uuid_v2=DA520A8669A562FA3635357166BC7EDB6|b33d69c89303e94c554f1435b79704ce; utag_main=v_id:0168772a6b3f0075da17b3da695400078016907000b08$_sn:1$_ss:1$_st:1548189295233$ses_id:1548187495233%3Bexp-session$_pn:1%3Bexp-session; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gcl_au=1.1.573348409.1548187496; _vwo_uuid=DA520A8669A562FA3635357166BC7EDB6; _vwo_ds=3%3Aa_0%2Ct_0%3A0%241548187494%3A93.56464727%3A%3A%3A69_0
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html, */*; q=0.01
cache-control: no-cache
:authority: www.trendmicro.com
x-requested-with: XMLHttpRequest
:scheme: https
referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
:method: GET
Accept: text/html, */*; q=0.01
Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-prod-a-01: Yes
server: nginx
date: Tue, 22 Jan 2019 20:04:56 GMT
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
status: 204
x-content-type-options: nosniff
x-prod-n-02: Yes
x-xss-protection: 1;mode=block

GET
H2 200 ransomware-attack.notifications.html Show response
www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ 2 KB
915 B 451ms
451ms XHR
text/html 92.123.8.62
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.notifications.html

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc/designs/trendmicro/clientlibs.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.8.62 , France, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a92-123-8-62.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

2d3ce115a6a042047bb9bd696ce347faeb106e9227d3b321296548f623d9bef3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

:path: /en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.notifications.html
pragma: no-cache
cookie: trendMicroVisitorContextIsBusiness=true; _vwo_uuid_v2=DA520A8669A562FA3635357166BC7EDB6|b33d69c89303e94c554f1435b79704ce; utag_main=v_id:0168772a6b3f0075da17b3da695400078016907000b08$_sn:1$_ss:1$_st:1548189295233$ses_id:1548187495233%3Bexp-session$_pn:1%3Bexp-session; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gcl_au=1.1.573348409.1548187496; _vwo_uuid=DA520A8669A562FA3635357166BC7EDB6; _vwo_ds=3%3Aa_0%2Ct_0%3A0%241548187494%3A93.56464727%3A%3A%3A69_0
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html, */*; q=0.01
cache-control: no-cache
:authority: www.trendmicro.com
x-requested-with: XMLHttpRequest
:scheme: https
referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
:method: GET
Accept: text/html, */*; q=0.01
Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: gzip
x-prod-a-01: Yes
server: nginx
date: Tue, 22 Jan 2019 20:04:56 GMT
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
status: 200
x-content-type-options: nosniff
x-prod-n-02: Yes
vary: Accept-Encoding
content-length: 685
x-xss-protection: 1;mode=block

GET
H/1.1 200
OK config.json Show response
c.go-mpulse.net/api/ Frame A240 1 KB
979 B 123ms
53ms XHR
application/json 104.111.214.229
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://c.go-mpulse.net/api/config.json?key=TU3LW-WPX5W-YK52N-GNWRK-Z5B9X&d=www.trendmicro.com&t=5160625&v=1.571.0&if=&sl=0&si=fvz4n8lp7to-NaN&plugins=ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,Angular,Backbone,Ember,History,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,LOGN&acao=
Requested by: Host: c.go-mpulse.net
URL: https://c.go-mpulse.net/boomerang/TU3LW-WPX5W-YK52N-GNWRK-Z5B9X
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 104.111.214.229 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-214-229.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 0f33dbc60d6a20e7a3148a7be03fa6f3879795369bb1b38c0e97ae63e7db0d8c

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
Origin: https://www.trendmicro.com

Response headers

Date: Tue, 22 Jan 2019 20:04:55 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/json
Access-Control-Allow-Origin: https://www.trendmicro.com
Cache-Control: private, max-age=300, stale-while-revalidate=60, stale-if-error=120
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 634

GET
H2 200 tag.js Show response
lptag.liveperson.net/tag/ 18 KB
7 KB 118ms
28ms Script
application/javascript 178.249.101.23
LivePerson

General

Check archive.org

Show headers Download Go to

Full URL: https://lptag.liveperson.net/tag/tag.js?site=8997926
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.78.js?utv=ut4.42.201610111459
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.249.101.23 , Netherlands, ASN11054 (LIVEPERSON - LivePerson, Inc., US),
Reverse DNS
Software: ws /
Resource Hash: cc490a8ef7deb4c7fba66f332ad8cdd39433675b95d2bd341300ab7b718f8e4e

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 20:04:55 GMT
content-encoding: gzip
last-modified: Sun, 24 Jun 2018 08:31:24 GMT
server: ws
etag: "5b2f56dc-198d"
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
status: 200
cache-control: public, max-age=630
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
content-length: 6541

GET
H/1.1 200
OK eluminate.js Show response
libs.coremetrics.com/ 156 KB
43 KB 11ms
10ms Script
application/x-javascript 184.31.90.101
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://libs.coremetrics.com/eluminate.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.31.90.101 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a184-31-90-101.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: d56485dbbc5b55b37f96b65ac0d5245e77cf51c094d827348f2243948f2feeca

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 22 Jan 2019 20:04:55 GMT
Content-Encoding: gzip
Last-Modified: Tue, 13 Nov 2018 20:52:22 GMT
Server: Apache
ETag: "648ad45a24b4d2c2a79a92505d2ecc8f:1542142342"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43582

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 23 KB
9 KB 19ms
18ms Script
text/javascript 216.58.207.66
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.9.js?utv=ut4.42.201510262117

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

216.58.207.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s25-in-f2.1e100.net

Software

cafe /

Resource Hash

762a162d2e61989a1b2ed0bf516e6bdb4d8d00abf4773bca50b033444e0437f1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 20:04:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 8898
x-xss-protection: 1; mode=block
server: cafe
etag: 12426384907228739869
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 22 Jan 2019 20:04:55 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 46ms
8ms Script
application/x-javascript 184.31.84.223
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.31.84.223 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a184-31-84-223.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 82bbf4a0f25757d1c9b9f18672eabf510965e4873e9d989a407823eac0d99259

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 22 Jan 2019 20:04:55 GMT
Content-Encoding: gzip
Last-Modified: Tue, 12 Jun 2018 01:36:41 GMT
Server: Apache
ETag: "8a1ad47bd9401d0c4cde2aab48eeb571:1528767401"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 752

GET
H/1.1 200
OK roundtrip.js Show response
s.adroll.com/j/ 32 KB
11 KB 94ms
20ms Script
text/javascript 2.18.233.40
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/roundtrip.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.40 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-233-40.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 1683cc734667c1dfc51beef0720d8bc1d085ffc37ad67f0bf02d41ba25ef7551

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-amz-version-id: WKgVGNXri8HlRMKT77dpRv7GtBpB06oM
Content-Encoding: gzip
x-amz-request-id: E45FAC093259B4ED
x-amz-server-side-encryption: AES256
Access-Control-Max-Age: 600
Date: Tue, 22 Jan 2019 20:04:55 GMT
Connection: keep-alive
Content-Length: 10234
x-amz-id-2: gWy/Ko+L5djlHBjSp5/MNfA6hwpkBsfri5oWW9IYSpTX79YdRt9tpfLUmTl40PbLvnTM8RLILZE=
Last-Modified: Mon, 14 Jan 2019 20:17:40 GMT
Server: AmazonS3
ETag: "52bb7d50a9e1537cfef675909b897d91"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK quant.js Show response
secure.quantserve.com/ 12 KB
6 KB 81ms
8ms Script
application/x-javascript 18.195.154.247
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.154.247 Cambridge, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-195-154-247.eu-central-1.compute.amazonaws.com
Software: QS /
Resource Hash: 404a9b0ffbcc813e8ddbb8d8510a24a69c09079282f8083ee94f4adc5d627176

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 22 Jan 2019 20:04:55 GMT
Content-Encoding: gzip
Last-Modified: Tue, 22-Jan-2019 20:04:55 GMT
Server: QS
ETag: M0-e2b9884a
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: private, no-transform, max-age=604800
Connection: keep-alive
Content-Length: 5456
Expires: Tue, 29 Jan 2019 20:04:55 GMT

GET
H2 200 / Show response
www.googleadservices.com/pagead/conversion/1015287688/ 2 KB
1 KB 18ms
17ms Script
text/javascript 216.58.207.66
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/1015287688/?random=1548187495748&cv=9&fst=1548187495748&num=1&value=0&label=0w45CIDC7AYQiJ-Q5AM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack.html%3Fcm_mmc%3DXGen-_-Corp-_-Email-_-NT%26mkt_tok%3DeyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9&ref=http%3A%2F%2Fvisit.trendmicro.com%2Fx0C0040p3IC8WQX0ZXCfSDn&tiba=Ransomware%20Attack%3A%20The%20Game%20-%20Hospital%20Held%20Hostage&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

216.58.207.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s25-in-f2.1e100.net

Software

cafe /

Resource Hash

1466dd727108ff7ee3a33df8248b697678f3a7046530e98aec1b443f9e03c579

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 22 Jan 2019 20:04:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: text/javascript; charset=UTF-8
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 1341
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK cmcustomcms.js Show response
corelib.trendmicro.com/common/coremetrics/ 2 KB
2 KB 101ms
13ms Script
application/x-javascript 23.54.113.142
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://corelib.trendmicro.com/common/coremetrics/cmcustomcms.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.54.113.142 Cambridge, United States, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-54-113-142.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 76bbc3dbc06335e061219740d999dcec6f4c01ebf4867e7d33ab9f3f727ca49a

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: corelib.trendmicro.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
Cookie: _vwo_uuid_v2=DA520A8669A562FA3635357166BC7EDB6|b33d69c89303e94c554f1435b79704ce; utag_main=v_id:0168772a6b3f0075da17b3da695400078016907000b08$_sn:1$_ss:1$_st:1548189295233$ses_id:1548187495233%3Bexp-session$_pn:1%3Bexp-session; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gcl_au=1.1.573348409.1548187496; _vwo_uuid=DA520A8669A562FA3635357166BC7EDB6; _vwo_ds=3%3Aa_0%2Ct_0%3A0%241548187494%3A93.56464727%3A%3A%3A69_0
Connection: keep-alive
Cache-Control: no-cache
Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 22 Jan 2019 20:04:55 GMT
Last-Modified: Tue, 07 Feb 2017 21:07:13 GMT
Server: Apache
ETag: "7f8095-640-547f721cb0240"
Content-Type: application/x-javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1600

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/154/ 8 KB
4 KB 23ms
22ms Script
application/x-javascript 184.31.84.223
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/154/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.31.84.223 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a184-31-84-223.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 9298a280eda6b54290d3c69fda3ae7da0cec1a0169d01d4e5944af63d68939d5

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 22 Jan 2019 20:04:55 GMT
Content-Encoding: gzip
Last-Modified: Fri, 18 May 2018 02:45:27 GMT
Server: Apache
ETag: "808fc844032f646c32adce24553838be:1526611527"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 3700
Expires: Thu, 02 May 2019 20:04:55 GMT

GET
H2

200

/
www.google.de/pagead/1p-conversion/1015287688/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1015287688/?random=189346615&cv=9&fst=*&num=1&value=0&label=0w45CIDC7AYQiJ-Q5AM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTybQhCsO&u_h=12...
https://www.google.com/pagead/1p-conversion/1015287688/?random=189346615&cv=9&fst=*&num=1&value=0&label=0w45CIDC7AYQiJ-Q5AM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200...
https://www.google.de/pagead/1p-conversion/1015287688/?random=189346615&cv=9&fst=*&num=1&value=0&label=0w45CIDC7AYQiJ-Q5AM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&...

42 B
109 B

24ms
24ms

Image
image/gif

2a00:1450:4001:820::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-conversion/1015287688/?random=189346615&cv=9&fst=*&num=1&value=0&label=0w45CIDC7AYQiJ-Q5AM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html%3Fcm_mmc%3DXGen-_-Corp-_-Email-_-NT%26mkt_tok%3DeyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9&ref=http://visit.trendmicro.com/x0C0040p3IC8WQX0ZXCfSDn&tiba=Ransomware%20Attack%3A%20The%20Game%20-%20Hospital%20Held%20Hostage&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=CILQGwjJ0xs&gtd=&cdct=2&is_vtc=1&ocp_id=Z3dHXMGTMJXNgAfpna6ACg&random=3576901155&resp=GooglemKTybQhCsO&ipr=y

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:820::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 22 Jan 2019 20:04:56 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 42
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 22 Jan 2019 20:04:56 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://www.google.de/pagead/1p-conversion/1015287688/?random=189346615&cv=9&fst=*&num=1&value=0&label=0w45CIDC7AYQiJ-Q5AM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html%3Fcm_mmc%3DXGen-_-Corp-_-Email-_-NT%26mkt_tok%3DeyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9&ref=http://visit.trendmicro.com/x0C0040p3IC8WQX0ZXCfSDn&tiba=Ransomware%20Attack%3A%20The%20Game%20-%20Hospital%20Held%20Hostage&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=CILQGwjJ0xs&gtd=&cdct=2&is_vtc=1&ocp_id=Z3dHXMGTMJXNgAfpna6ACg&random=3576901155&resp=GooglemKTybQhCsO&ipr=y
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 42
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK insight.min.js Show response
sjs.bizographics.com/ 15 KB
5 KB 54ms
7ms Script
application/x-javascript 2a02:26f0:f1:28a::3adf
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://sjs.bizographics.com/insight.min.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.43.js?utv=ut4.42.201510262117
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:f1:28a::3adf , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: /
Resource Hash: bc9cef10d07e8da3ce80181de07a056414731f86e0dc12e2c81d652b28ac770b

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 22 Jan 2019 20:04:55 GMT
Content-Encoding: gzip
Last-Modified: Mon, 03 Dec 2018 23:03:30 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=58352
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4571

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 43 KB
17 KB 12ms
12ms Script
text/javascript 2a00:1450:4016:807::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4016:807::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

b688a3bcd1297cc0fe08e6e52fea14ba9108ee4b9a2052c03e7bac6e19347255

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 05 Nov 2018 21:10:09 GMT
server: Golfe2
age: 1132
date: Tue, 22 Jan 2019 19:46:03 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 17404
expires: Tue, 22 Jan 2019 21:46:03 GMT

GET
H/1.1 200
OK Cookie set revenuepulse-lib-v3.js Show response
resources.trendmicro.com/rs/945-CXD-062/images/ 2 KB
1 KB 498ms
94ms Script
application/x-javascript 199.15.212.64
MARKETO

General

Check archive.org

Show headers Download Go to

Full URL

https://resources.trendmicro.com/rs/945-CXD-062/images/revenuepulse-lib-v3.js

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

199.15.212.64 San Mateo, United States, ASN53580 (MARKETO - MARKETO, Inc., US),

Reverse DNS

Software

nginx /

Resource Hash

d8366292b6413e815888abbc34c7800df0b1d8101bff22e1f3ca1f34170a73b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: resources.trendmicro.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
Cookie: _vwo_uuid_v2=DA520A8669A562FA3635357166BC7EDB6|b33d69c89303e94c554f1435b79704ce; utag_main=v_id:0168772a6b3f0075da17b3da695400078016907000b08$_sn:1$_ss:1$_st:1548189295233$ses_id:1548187495233%3Bexp-session$_pn:1%3Bexp-session; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gcl_au=1.1.573348409.1548187496; _vwo_uuid=DA520A8669A562FA3635357166BC7EDB6; _vwo_ds=3%3Aa_0%2Ct_0%3A0%241548187494%3A93.56464727%3A%3A%3A69_0; _mkto_trk=id:945-CXD-062&token:_mch-trendmicro.com-1548187495859-65458
Connection: keep-alive
Cache-Control: no-cache
Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 22 Jan 2019 20:04:56 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Tue, 22 Jan 2019 07:10:47 GMT
Server: nginx
ETag: "4e1ded-6f3-58006ad36e2ae"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Connection: keep-alive
Set-Cookie: BIGipServerab08web-nginx-app_https=!+3PrKVgONVYpWwK5yiPNdgcigIaMSd59rjheoEvHS+e23wqTIvJXCf6zsqc5rR2RzsBGzKpU9moiPXs=; path=/; Httponly; Secure
Accept-Ranges: bytes
Content-Length: 695

GET
H2 200 rules-p-yyb3JEF9Pm8ey.js Show response
rules.quantcount.com/ 3 B
339 B 228ms
227ms Script
application/x-javascript 2600:9000:200d:9a00:6:44e3:f8c0:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-yyb3JEF9Pm8ey.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:200d:9a00:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 04:32:46 GMT
via: 1.1 8cd0e1b054d4e5083057646da4909e74.cloudfront.net (CloudFront)
last-modified: Sat, 04 Mar 2017 21:25:15 GMT
server: AmazonS3
age: 57744
etag: "8a80554c91d9fca8acb82f023de02f11"
x-cache: Hit from cloudfront
content-type: application/x-javascript
status: 200
cache-control: max-age=86400
accept-ranges: bytes
content-length: 3
x-amz-cf-id: hQk3w4JpEnw3b6GYUhhh6j7iyOY008syhsvMUSu6QXWYtyZod6zwDA==

GET
H2 200 .jsonp Show response
lptag.liveperson.net/lptag/api/account/8997926/configuration/applications/taglets/ 145 KB
53 KB 33ms
31ms Script
application/x-javascript 178.249.101.23
LivePerson

General

Check archive.org

Show headers Download Go to

Full URL: https://lptag.liveperson.net/lptag/api/account/8997926/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.78.js?utv=ut4.42.201610111459
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.249.101.23 , Netherlands, ASN11054 (LIVEPERSON - LivePerson, Inc., US),
Reverse DNS
Software: ws /
Resource Hash: ead497b5062ce9a352d275512adcd099c47fdb0af12f98b7173e6ac1293c1e24

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 20:04:55 GMT
content-encoding: gzip
server: ws
x-cache-status: EXPIRED
access-control-allow-methods: GET, POST, PATCH
content-type: application/x-javascript
status: 200
cache-control: public, max-age=630
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token

GET
H/1.1 200
OK BWZHCVGVU5GGVN5IX5I7Y3 Show response
d.adroll.com/consent/check/ 40 B
200 B 155ms
32ms Script
application/javascript 176.34.190.23
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/consent/check/BWZHCVGVU5GGVN5IX5I7Y3?_s=13cf0b222c69c052f1a9e15b128ce9a6
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 176.34.190.23 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-176-34-190-23.eu-west-1.compute.amazonaws.com
Software: nginx/1.12.1 /
Resource Hash: 867bd168728faba904fe15de941932d1d7537130b0edb918970901435cf39929

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 22 Jan 2019 20:04:56 GMT
Server: nginx/1.12.1
Connection: keep-alive
Content-Length: 40
Content-Type: application/javascript

GET
H2 200 ga.js Show response
ssl.google-analytics.com/ 45 KB
17 KB 15ms
9ms Script
text/javascript 2a00:1450:4001:814::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.google-analytics.com/ga.js

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.29.js?utv=ut4.42.201510262117

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:814::2008 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 05 Nov 2018 21:10:09 GMT
server: Golfe2
age: 5095
date: Tue, 22 Jan 2019 18:40:00 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 17168
expires: Tue, 22 Jan 2019 20:40:00 GMT

GET
H2 200 addthis_widget.js Show response
s7.addthis.com/js/250/ 349 KB
112 KB 145ms
28ms Script
application/javascript 2.18.232.15
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://s7.addthis.com/js/250/addthis_widget.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.79.js?utv=ut4.42.201702040059
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2.18.232.15 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-232-15.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: c51bc8a70066881987f3cb651824cb0b0b3581f73040dfbb79b309599793c4e9

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 20:04:56 GMT
content-encoding: gzip
surrogate-key: client_dist
last-modified: Wed, 16 Jan 2019 16:29:17 GMT
etag: "5c3f5bdd-573fa"
vary: Accept-Encoding
x-distribution: 99
cache-tag: client_dist
status: 200
cache-control: public, max-age=600
x-host: s7.addthis.com
accept-ranges: bytes
timing-allow-origin: *
content-type: application/javascript

GET
H/1.1 200
OK visitWebPage Show response
945-cxd-062.mktoresp.com/webevents/ 2 B
272 B 488ms
95ms XHR
text/plain 192.28.144.124
MARKETO

General

Check archive.org

Show headers Download Go to

Full URL: https://945-cxd-062.mktoresp.com/webevents/visitWebPage?_mchNc=1548187495861&_mchCn=&_mchId=945-CXD-062&_mchTk=_mch-trendmicro.com-1548187495859-65458&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9&_mchHo=www.trendmicro.com&_mchPo=&_mchRu=%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack.html&_mchPc=https%3A&_mchVr=154&_mchHa=&_mchRe=http%3A%2F%2Fvisit.trendmicro.com%2Fx0C0040p3IC8WQX0ZXCfSDn&_mchQp=cm_mmc%3DXGen-_-Corp-_-Email-_-NT__-__mkt_tok%3DeyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/154/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 192.28.144.124 San Mateo, United States, ASN53580 (MARKETO - MARKETO, Inc., US),
Reverse DNS
Software: spray-can/1.3.3 /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
Origin: https://www.trendmicro.com

Response headers

Access-Control-Allow-Origin: *
Date: Tue, 22 Jan 2019 20:04:56 GMT
Content-Encoding: gzip
Server: spray-can/1.3.3
Content-Length: 22
X-Request-Id: fa6f962d-cabc-4ebd-ad53-5a35ae0add57
Content-Type: text/plain; charset=UTF-8

GET
H2 200 ec.js Show response
www.google-analytics.com/plugins/ua/ 3 KB
1 KB 13ms
12ms Script
text/javascript 2a00:1450:4016:807::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/ec.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4016:807::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 19:55:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 21 Apr 2016 03:17:22 GMT
server: sffe
age: 579
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=3600
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 1296
x-xss-protection: 1; mode=block
expires: Tue, 22 Jan 2019 20:55:16 GMT

GET
H2 200 linkid.js Show response
www.google-analytics.com/plugins/ua/ 2 KB
922 B 12ms
12ms Script
text/javascript 2a00:1450:4016:807::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/linkid.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4016:807::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 19:40:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 21 Apr 2016 03:17:22 GMT
server: sffe
age: 1442
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=3600
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 856
x-xss-protection: 1; mode=block
expires: Tue, 22 Jan 2019 20:40:53 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 51 KB
15 KB 6ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

235da1ee79811631e184d8e99dab2ae5195d476d1138f1f49a8645c53a1803fb

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: public
x-fb-debug: +czR4R6gfydSe06ITS2x2Db6ih0lIgi6dNNO0NzpOeZI4iYUA/6LTgOCu5o392SZDGXcGovXYkNJ2pWs5anFjQ==
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 22 Jan 2019 20:04:55 GMT
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
status: 200
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
strict-transport-security: max-age=31536000; preload; includeSubDomains
vary: Accept-Encoding
content-length: 14941
x-xss-protection: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 ei.js Show response
web-analytics.engagio.com/js/ 2 KB
2 KB 376ms
119ms Script
application/javascript 54.86.176.243
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://web-analytics.engagio.com/js/ei.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.86.176.243 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-54-86-176-243.compute-1.amazonaws.com
Software: /
Resource Hash: 1b7a2a0b0d504e2eef6b0534ad18d0b338097db2d0d27c36045f988e8b6a4851

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status: 200
date: Tue, 22 Jan 2019 20:04:56 GMT
cache-control: max-age=0
last-modified: Wed, 16 Jan 2019 05:41:14 GMT
content-length: 2068
vary: Origin
content-type: application/javascript; charset=utf-8

GET
H/1.1 200
OK 90369712.js Show response
libs.coremetrics.com/configs/ 85 B
410 B 19ms
18ms Script
application/x-javascript 184.31.90.101
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://libs.coremetrics.com/configs/90369712.js
Requested by: Host: libs.coremetrics.com
URL: https://libs.coremetrics.com/eluminate.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.31.90.101 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a184-31-90-101.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b568b1f531806b127ff051bc59e3675d9ca4c16c979107266cf505390c36dba5

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 22 Jan 2019 20:04:55 GMT
Content-Encoding: gzip
Last-Modified: Wed, 15 Aug 2012 23:40:49 GMT
Server: Apache
ETag: "5db5448f69bdbbbe387a460de2443a8b:1345074414"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 86

GET
H/1.1 200
OK cookie-id.js Show response
analytics.trendmicro.com/ 57 B
333 B 555ms
92ms Script
application/x-javascript 199.255.32.6
SoftLayer Technol...

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.trendmicro.com/cookie-id.js?fn=eluminate1763
Requested by: Host: libs.coremetrics.com
URL: https://libs.coremetrics.com/eluminate.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 199.255.32.6 Durham, United States, ASN36351 (SOFTLAYER - SoftLayer Technologies Inc., US),
Reverse DNS: 199.255.32.6.reverse.coremetrics.com
Software: Apache /
Resource Hash: cf391d83a19d230e8659cfd9e745ec60c7874c9ac6322aac59267929503ecffc

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: analytics.trendmicro.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
Cookie: _vwo_uuid_v2=DA520A8669A562FA3635357166BC7EDB6|b33d69c89303e94c554f1435b79704ce; utag_main=v_id:0168772a6b3f0075da17b3da695400078016907000b08$_sn:1$_ss:1$_st:1548189295233$ses_id:1548187495233%3Bexp-session$_pn:1%3Bexp-session; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gcl_au=1.1.573348409.1548187496; _vwo_uuid=DA520A8669A562FA3635357166BC7EDB6; _vwo_ds=3%3Aa_0%2Ct_0%3A0%241548187494%3A93.56464727%3A%3A%3A69_0; _mkto_trk=id:945-CXD-062&token:_mch-trendmicro.com-1548187495859-65458; _ga=GA1.2.1958441142.1548187496; _gid=GA1.2.1187758821.1548187496
Connection: keep-alive
Cache-Control: no-cache
Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 22 Jan 2019 20:04:56 GMT
Server: Apache
Connection: Keep-Alive
P3P: CP="NON DSP COR CUR ADMo DEVo PSAo PSDo OUR IND ONL UNI PUR COM NAV INT DEM STA"
Keep-Alive: timeout=300, max=57
Content-Length: 57
Content-Type: application/x-javascript

GET
H/1.1

200
OK

Cookie set cm
analytics.trendmicro.com/
Redirect Chain

https://analytics.trendmicro.com/cm?ci=90369712&st=1548187495753&vn1=4.22.118&ec=utf-8&vn2=e4.0&pi=business%3Acampaigns%3Axgen%20security%3Aresource%20center%3Aransomware%20attack%3Aen_us&rf=http%3...
https://analytics.trendmicro.com/cm?ci=90369712&st=1548187495753&vn1=4.22.118&ec=utf-8&vn2=e4.0&pi=business%3Acampaigns%3Axgen%20security%3Aresource%20center%3Aransomware%20attack%3Aen_us&rf=http%3...

43 B
604 B

101ms
100ms

Image
image/gif

199.255.32.6
SoftLayer Technol...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://analytics.trendmicro.com/cm?ci=90369712&st=1548187495753&vn1=4.22.118&ec=utf-8&vn2=e4.0&pi=business%3Acampaigns%3Axgen%20security%3Aresource%20center%3Aransomware%20attack%3Aen_us&rf=http%3A%2F%2Fvisit.trendmicro.com%2Fx0C0040p3IC8WQX0ZXCfSDn&ul=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack.html%3Fcm_mmc%3DXGen-_-Corp-_-Email-_-NT%26mkt_tok%3DeyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9&tid=6&cg=%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack&rnd=1548198598259&pc=Y&jv=1.8.5&je=n&sw=1600&sh=1200&pd=24&tz=0&pv_a15=Ransomware%20Attack%3A%20The%20Game%20-%20Hospital%20Held%20Hostage&pv_a16=solution&pv_a17=business&pv_a18=XGen&pv_a19=Corp&pv_a20=Email&pv_a21=NT&pv_a22=business%3Acampaigns%3Axgen%20security%3Aresource%20center%3Aransomware%20attack%3Aen_us&cvdone=p
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 199.255.32.6 Durham, United States, ASN36351 (SOFTLAYER - SoftLayer Technologies Inc., US),
Reverse DNS: 199.255.32.6.reverse.coremetrics.com
Software: Apache /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: analytics.trendmicro.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
Cookie: _vwo_uuid_v2=DA520A8669A562FA3635357166BC7EDB6|b33d69c89303e94c554f1435b79704ce; utag_main=v_id:0168772a6b3f0075da17b3da695400078016907000b08$_sn:1$_ss:1$_st:1548189295233$ses_id:1548187495233%3Bexp-session$_pn:1%3Bexp-session; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gcl_au=1.1.573348409.1548187496; _vwo_uuid=DA520A8669A562FA3635357166BC7EDB6; _vwo_ds=3%3Aa_0%2Ct_0%3A0%241548187494%3A93.56464727%3A%3A%3A69_0; _mkto_trk=id:945-CXD-062&token:_mch-trendmicro.com-1548187495859-65458; _ga=GA1.2.1958441142.1548187496; _gid=GA1.2.1187758821.1548187496; _gat_tealium_0=1; __utma=44797537.1958441142.1548187496.1548187496.1548187496.1; __utmc=44797537; __utmz=44797537.1548187496.1.1.utmcsr=visit.trendmicro.com|utmccn=(referral)|utmcmd=referral|utmcct=/x0C0040p3IC8WQX0ZXCfSDn; __utmt=1; __utmb=44797537.1.10.1548187496; _fbp=fb.1.1548187496178.441005453; __qca=P0-472542660-1548187496151; querystring=cm_mmc%3DXGen-_-Corp-_-Email-_-NT%26mkt_tok%3DeyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9; CoreID6=81031548187496237919136; TestSess3=81031548187496237919136
Connection: keep-alive
Cache-Control: no-cache
Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 22 Jan 2019 20:04:56 GMT
Server: Apache
P3P: CP="NON DSP COR CUR ADMo DEVo PSAo PSDo OUR IND ONL UNI PUR COM NAV INT DEM STA"
Set-Cookie: 90369712_login=1548187496339364165790369712; path=/ 90369712_reset=1548187496;path=/
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, pre-check=0, post-check=0, private
Connection: Keep-Alive
Content-Type: image/gif
Keep-Alive: timeout=300, max=31
Content-Length: 43
Expires: Mon, 21 Jan 2019 20:04:56 GMT

Redirect headers

Date: Tue, 22 Jan 2019 20:04:56 GMT
Server: Apache
P3P: CP="NON DSP COR CUR ADMo DEVo PSAo PSDo OUR IND ONL UNI PUR COM NAV INT DEM STA"
Location: /cm?ci=90369712&st=1548187495753&vn1=4.22.118&ec=utf-8&vn2=e4.0&pi=business%3Acampaigns%3Axgen%20security%3Aresource%20center%3Aransomware%20attack%3Aen_us&rf=http%3A%2F%2Fvisit.trendmicro.com%2Fx0C0040p3IC8WQX0ZXCfSDn&ul=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack.html%3Fcm_mmc%3DXGen-_-Corp-_-Email-_-NT%26mkt_tok%3DeyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9&tid=6&cg=%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack&rnd=1548198598259&pc=Y&jv=1.8.5&je=n&sw=1600&sh=1200&pd=24&tz=0&pv_a15=Ransomware%20Attack%3A%20The%20Game%20-%20Hospital%20Held%20Hostage&pv_a16=solution&pv_a17=business&pv_a18=XGen&pv_a19=Corp&pv_a20=Email&pv_a21=NT&pv_a22=business%3Acampaigns%3Axgen%20security%3Aresource%20center%3Aransomware%20attack%3Aen_us&cvdone=p
Connection: Keep-Alive
Set-Cookie: CoreID6=81031548187496237919136; path=/; expires=Sat, 21 Jan 2034 20:04:56 GMT TestSess3=81031548187496237919136;path=/
Keep-Alive: timeout=300, max=24
Content-Length: 0

GET
H2 200 storage.secure.min.html
lpcdn.lpsnmedia.net/le_secure_storage/3.7.0.0-release_439/ Frame F521 0
0 18ms
17ms Document
text/html 2a03:6400:10:0:178:249:97:98
LivePerson

General

Check archive.org

Show headers Download Go to

Full URL: https://lpcdn.lpsnmedia.net/le_secure_storage/3.7.0.0-release_439/storage.secure.min.html?loc=https%3A%2F%2Fwww.trendmicro.com&site=8997926&env=prod
Requested by: Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/8997926/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a03:6400:10:0:178:249:97:98 , United Kingdom, ASN11054 (LIVEPERSON - LivePerson, Inc., US),
Reverse DNS
Software: ws /
Resource Hash

Request headers

:method: GET
:authority: lpcdn.lpsnmedia.net
:scheme: https
:path: /le_secure_storage/3.7.0.0-release_439/storage.secure.min.html?loc=https%3A%2F%2Fwww.trendmicro.com&site=8997926&env=prod
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9

Response headers

status: 200
date: Tue, 22 Jan 2019 20:04:55 GMT
content-type: text/html
last-modified: Thu, 18 Oct 2018 06:30:30 GMT
content-encoding: gzip
server: ws
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-allow-credentials: true
expires: Tue, 22 Jan 2019 20:14:55 GMT
cache-control: max-age=600

GET
H2 200 zones Show response
accdn.lpsnmedia.net/api/account/8997926/configuration/le-campaigns/ 3 KB
666 B 90ms
25ms Script
application/javascript 2a03:6400:10:0:178:249:97:99
LivePerson

General

Check archive.org

Show headers Download Go to

Full URL: https://accdn.lpsnmedia.net/api/account/8997926/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB
Requested by: Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/8997926/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a03:6400:10:0:178:249:97:99 , United Kingdom, ASN11054 (LIVEPERSON - LivePerson, Inc., US),
Reverse DNS
Software: ws /
Resource Hash: 78840e7f71092f1b69fdf97d8e6fc51bed295786dfdb9245fce55c729fad2312

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 20:04:56 GMT
content-encoding: gzip
server: ws
x-cache-status: HIT
vary: Accept
content-type: application/javascript
status: 200
expires: Tue, 22 Jan 2019 20:05:45 GMT

GET
H2 200 8997926 Show response
va.v.liveperson.net/api/js/ 238 B
708 B 567ms
240ms Script
application/json 208.89.12.87
LivePerson

General

Check archive.org

Show headers Download Go to

Full URL: https://va.v.liveperson.net/api/js/8997926?&cb=lpCb55536x98670&t=sp&ts=1548187495937&pid=9909763946&tid=6760425231&pt=Ransomware%20Attack%3A%20The%20Game%20-%20Hospital%20Held%20Hostage&u=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack.html%3Fcm_mmc%3DXGen-_-Corp-_-Email-_-NT%26mkt_tok%3DeyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9&r=http%3A%2F%2Fvisit.trendmicro.com%2Fx0C0040p3IC8WQX0ZXCfSDn&sec=%5B%22%22%5D&df=0&os=1
Requested by: Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/8997926/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.89.12.87 New York, United States, ASN11054 (LIVEPERSON - LivePerson, Inc., US),
Reverse DNS: va.v.liveperson.net
Software: ws /
Resource Hash: 9190319e63a7c4b3a56725719c042f904386d0b942038a7cb8dd429f4fc983cb

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 20:04:56 GMT
content-encoding: gzip
server: ws
access-control-allow-methods: GET, POST, PATCH
content-type: application/json
status: 200
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token

GET
H2 200 243552383039605 Show response
connect.facebook.net/signals/config/ 181 KB
43 KB 90ms
89ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/243552383039605?v=2.8.37&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

42db91df95e97941c8d6f5bc1dfddbe68dbcc2e0184faf5686e8e267ebadde29

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Origin, Accept-Encoding
x-xss-protection: 0
pragma: public
x-fb-debug: dW0TMpGyXtnYgOMz9w8booXF7dIg3FpnSN7Dp7Ty8K1W1tQiUyHjDAliHlrsNMGj/SfhydW1h0dR39vsYEWVxg==
date: Tue, 22 Jan 2019 20:04:56 GMT
x-frame-options: DENY
access-control-allow-methods: OPTIONS
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://connect.facebook.net
access-control-expose-headers: X-FB-Debug, X-Loader-Length
cache-control: public, max-age=1200
access-control-allow-credentials: true
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j72&a=1940112259&t=pageview&_s=1&dl=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-44592531-1&cid=1958441142.1548187496&jid=1344164971&_gid=1187758821.1548187496&gjid=1489967851&_v=j72&z=702706812
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-44592531-1&cid=1958441142.1548187496&jid=1344164971&_v=j72&z=702706812
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-44592531-1&cid=1958441142.1548187496&jid=1344164971&_v=j72&z=702706812&slf_rd=1&random=767493293

42 B
109 B

17ms
17ms

Image
image/gif

2a00:1450:4001:820::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-44592531-1&cid=1958441142.1548187496&jid=1344164971&_v=j72&z=702706812&slf_rd=1&random=767493293

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:820::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 22 Jan 2019 20:04:56 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 42
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 22 Jan 2019 20:04:56 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-44592531-1&cid=1958441142.1548187496&jid=1344164971&_v=j72&z=702706812&slf_rd=1&random=767493293
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 __utm.gif
ssl.google-analytics.com/r/ 35 B
101 B 14ms
13ms Image
image/gif 2a00:1450:4001:814::2008
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1407778663&utmhn=www.trendmicro.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1585x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Ransomware%20Attack%3A%20The%20Game%20-%20Hospital%20Held%20Hostage&utmhid=1940112259&utmr=http%3A%2F%2Fvisit.trendmicro.com%2Fx0C0040p3IC8WQX0ZXCfSDn&utmp=%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack.html%3Fcm_mmc%3DXGen-_-Corp-_-Email-_-NT%26mkt_tok%3DeyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9&utmht=1548187496013&utmac=UA-29051577-12&utmcc=__utma%3D44797537.1958441142.1548187496.1548187496.1548187496.1%3B%2B__utmz%3D44797537.1548187496.1.1.utmcsr%3Dvisit.trendmicro.com%7Cutmccn%3D(referral)%7Cutmcmd%3Dreferral%7Cutmcct%3D%2Fx0C0040p3IC8WQX0ZXCfSDn%3B&utmjid=837679011&utmredir=1&utmu=qhAAAAAAAAAAAAAAAAABAAAE~

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:814::2008 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 22 Jan 2019 20:04:56 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
access-control-allow-origin: *
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK ktag.js Show response
resources.xg4ken.com/js/v2/ 8 KB
4 KB 150ms
27ms Script
text/plain 34.250.87.119
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://resources.xg4ken.com/js/v2/ktag.js?tid=KT-N3AA7-3EB

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.117.js?utv=ut4.42.201810152028

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.250.87.119 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-34-250-87-119.eu-west-1.compute.amazonaws.com

Software

nginx /

Resource Hash

a28ac2e7dab94ee23a1a16266f260041f9d0b9e2b14db110de48b03c22453924

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 22 Jan 2019 20:04:56 GMT
Content-Encoding: gzip
Last-Modified: Mon, 21 Jan 2019 15:28:31 GMT
Server: nginx
ETag: "5c45e51f-cca"
Content-Type: text/plain
Cache-Control: max-age=86400, public
Connection: keep-alive
Content-Length: 3274
X-XSS-Protection: 1; mode=block
Expires: Wed, 23 Jan 2019 20:04:56 GMT

GET
H2 404 t.js
vidassets.terminus.services/480833a3-3b91-4656-a2c5-a62bf3f4d185/ 0
0 79ms
33ms Script
application/json 13.32.223.222
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://vidassets.terminus.services/480833a3-3b91-4656-a2c5-a62bf3f4d185/t.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.32.223.222 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-32-223-222.fra56.r.cloudfront.net
Software: /
Resource Hash

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 5 KB
2 KB 103ms
103ms Script
application/javascript 104.244.46.48
Twitter Inc.

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.99.js?utv=ut4.42.201709111706
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.46.48 San Francisco, United States, ASN13414 (TWITTER - Twitter Inc., US),
Reverse DNS
Software: /
Resource Hash: 319949c8c08b86e9c35ea542c0dc0c30cedaa9b8d3d3c3327a36c91aefbd8af5

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 20:04:56 GMT
content-encoding: gzip
age: 72290
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200
content-length: 1954
x-served-by: mtc-tw-lon2-3-TWLON2
last-modified: Tue, 23 Jan 2018 19:05:33 GMT
x-timer: S1548187496.117138,VS0,VE0
etag: "b7b33882a4f3ffd5cbf07434f3137166+gzip"
vary: Accept-Encoding,Host
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
cache-control: no-cache
accept-ranges: bytes

GET
H2 200 utag.v.js Show response
tags.tiqcdn.com/utag/tiqapp/ 2 B
195 B 20ms
20ms Script
application/x-javascript 104.111.215.136
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=trendmicro/nabucms/201812061729&cb=1548187496047
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.136 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-215-136.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 20:04:56 GMT
last-modified: Thu, 14 Apr 2016 16:57:51 GMT
server: Apache
etag: "7bc0ee636b3b83484fc3b9348863bd22:1460653071"
content-type: application/x-javascript
status: 200
cache-control: max-age=600
accept-ranges: bytes
content-length: 2
expires: Tue, 22 Jan 2019 20:14:56 GMT

GET
H/1.1 200
OK cookie-id.js Show response
data.cmcore.com/ 49 B
324 B 559ms
132ms Script
application/x-javascript 199.255.34.44
SoftLayer Technol...

General

Check archive.org

Show headers Download Go to

Full URL: https://data.cmcore.com/cookie-id.js?fn=cmSetAvid
Requested by: Host: libs.coremetrics.com
URL: https://libs.coremetrics.com/eluminate.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 199.255.34.44 Durham, United States, ASN36351 (SOFTLAYER - SoftLayer Technologies Inc., US),
Reverse DNS
Software: Apache /
Resource Hash: 0c565577941b3ab40a246b32517e8edced36c7d480d65bd9b1299e7c01fc2176

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 22 Jan 2019 20:04:56 GMT
Server: Apache
Connection: Keep-Alive
Content-Type: application/x-javascript
Keep-Alive: timeout=300, max=1
Content-Length: 49
P3P: CP="NON DSP COR CUR ADMo DEVo PSAo PSDo OUR IND ONL UNI PUR COM NAV INT DEM STA"

GET
H/1.1

200
OK

UIGGQATVINGULPRORTYNDM.js Show response
s.adroll.com/pixel/BWZHCVGVU5GGVN5IX5I7Y3/3CYSTYITOVHO5JLQ3WNZZE/
Redirect Chain

https://d.adroll.com/pixel/BWZHCVGVU5GGVN5IX5I7Y3/3CYSTYITOVHO5JLQ3WNZZE?adroll_fpc=2913f3491f24ea112ab14ece1276273f&pv=13592951676.622334&cookie=&adroll_s_ref=http%3A//visit.trendmicro.com/x0C0040...
https://s.adroll.com/pixel/BWZHCVGVU5GGVN5IX5I7Y3/3CYSTYITOVHO5JLQ3WNZZE/UIGGQATVINGULPRORTYNDM.js

5 KB
2 KB

708ms
707ms

Script
text/javascript

2.18.233.40
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/pixel/BWZHCVGVU5GGVN5IX5I7Y3/3CYSTYITOVHO5JLQ3WNZZE/UIGGQATVINGULPRORTYNDM.js
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.40 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-233-40.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 09c15ec54bf5d83dcebdee8fde14206d59dc302b7017d886ba43b60d6e06bca0

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-amz-version-id: QpHXGyene3dYuRZrGW2UhvvLmyllF4NO
Content-Encoding: gzip
x-amz-request-id: 73A1F6CC4738F947
x-amz-server-side-encryption: AES256
Access-Control-Max-Age: 600
Date: Tue, 22 Jan 2019 20:04:56 GMT
Connection: keep-alive
Content-Length: 1428
x-amz-id-2: YQjA4bPfwMhu6RP57PYPDPnCECWbiDMmGGntyzt2mmqHzHszIAGvZOvY73osJ1OmKsWWujZdAJo=
Last-Modified: Thu, 13 Sep 2018 20:13:32 GMT
Server: AmazonS3
ETag: "a39eced338dc6b8aa3dad0f6ce05c148"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=300, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

Redirect headers

Date: Tue, 22 Jan 2019 20:04:56 GMT
X-Segment-Display-Name
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Connection: keep-alive
Content-Length: 0
Pragma: no-cache
X-Conversion-Value: 0.0
Server: nginx/1.12.1
X-Rule: *
X-Segment-Eid: UIGGQATVINGULPRORTYNDM
Location: https://s.adroll.com/pixel/BWZHCVGVU5GGVN5IX5I7Y3/3CYSTYITOVHO5JLQ3WNZZE/UIGGQATVINGULPRORTYNDM.js
Cache-Control: no-store, no-cache, must-revalidate
X-Pixel-Eid: 3CYSTYITOVHO5JLQ3WNZZE
X-Segment-Name: *
X-Advertisable-Eid: BWZHCVGVU5GGVN5IX5I7Y3
X-Conversion-Currency

GET
H/1.1 200
OK pixel;r=2071172397;rf=0;a=p-yyb3JEF9Pm8ey;url=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack.html%3Fcm_mmc%3DXGen-_-Corp-_-Ema...
pixel.quantserve.com/ 35 B
479 B 9ms
9ms Image
image/gif 18.195.195.24
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.quantserve.com/pixel;r=2071172397;rf=0;a=p-yyb3JEF9Pm8ey;url=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack.html%3Fcm_mmc%3DXGen-_-Corp-_-Email-_-NT%26mkt_tok%3DeyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9;ref=http%3A%2F%2Fvisit.trendmicro.com%2Fx0C0040p3IC8WQX0ZXCfSDn;fpan=1;fpa=P0-472542660-1548187496151;ns=0;ce=1;qjs=1;qv=4c19192-20180628134937;cm=;je=0;sr=1600x1200x24;enc=n;dst=0;et=1548187496150;tzo=0;ogl=url.https%3A%2F%2Fwww%252Etrendmicro%252Ecom%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-cente%2Ctitle.Ransomware%20Attack%3A%20The%20Game%20-%20Hospital%20Held%20Hostage%2Cdescription.PDF%2Csite_name.Trend%20Micro%2Clocale.en_US
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.195.24 Cambridge, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-195-195-24.eu-central-1.compute.amazonaws.com
Software: QS /
Resource Hash: a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 22 Jan 2019 20:04:56 GMT
Server: QS
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Connection: keep-alive
Content-Type: image/gif
Content-Length: 35
Expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
244 B 6ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
Facebook

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.facebook.com/tr/?id=243552383039605&ev=PageView&dl=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack.html%3Fcm_mmc%3DXGen-_-Corp-_-Email-_-NT%26mkt_tok%3DeyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9&rl=http%3A%2F%2Fvisit.trendmicro.com%2Fx0C0040p3IC8WQX0ZXCfSDn&if=false&ts=1548187496181&sw=1600&sh=1200&v=2.8.37&r=stable&a=tmtealium&ec=0&o=30&fbp=fb.1.1548187496178.441005453&it=1548187495989&coo=false
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software: proxygen-bolt /
Resource Hash: 10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 20:04:56 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
content-length: 44
expires: Tue, 22 Jan 2019 20:04:56 GMT

GET
H2 200 adsct
t.co/i/ 43 B
166 B 208ms
207ms Image
image/gif 199.16.156.11
Twitter Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?p_id=Twitter&p_user_id=0&txn_id=nuwoi&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.16.156.11 San Francisco, United States, ASN13414 (TWITTER - Twitter Inc., US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block; report=https://twitter.com/i/xss_report

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 20:04:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=0
content-length: 65
x-xss-protection: 1; mode=block; report=https://twitter.com/i/xss_report
x-response-time: 8
pragma: no-cache
last-modified: Tue, 22 Jan 2019 20:04:56 GMT
server: tsa_b
x-frame-options: SAMEORIGIN
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: bd8eba2f4e10c2b31d3d821119edd3aa
x-transaction: 0029c4710098e006
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 ei_track_all_packed.js Show response
web-analytics.engagio.com/js/ 8 KB
8 KB 108ms
108ms Script
application/javascript 54.86.176.243
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://web-analytics.engagio.com/js/ei_track_all_packed.js
Requested by: Host: web-analytics.engagio.com
URL: https://web-analytics.engagio.com/js/ei.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.86.176.243 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-54-86-176-243.compute-1.amazonaws.com
Software: /
Resource Hash: fbbf25608d42b8a33c17138143323c1d690b10846b4710da689956113b9d3f47

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status: 200
date: Tue, 22 Jan 2019 20:04:56 GMT
cache-control: max-age=300
last-modified: Wed, 16 Jan 2019 05:41:14 GMT
content-length: 7721
vary: Origin
content-type: application/javascript; charset=utf-8

GET
H2 200 stat Show response
web-analytics.engagio.com/api/ 69 B
161 B 113ms
112ms Script
text/javascript 54.86.176.243
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://web-analytics.engagio.com/api/stat?page_url=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack.html%3Fcm_mmc%3DXGen-_-Corp-_-Email-_-NT%26mkt_tok%3DeyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9&page_title=Ransomware%20Attack%3A%20The%20Game%20-%20Hospital%20Held%20Hostage&track_type=page&action=ei_view&category=ei_page_tracking&client_id=&account_id=9cf19ee08e632a1354184ed388f4d5f4602a763b&method=post&callback=EI.api._callbacks.s2268803
Requested by: Host: web-analytics.engagio.com
URL: https://web-analytics.engagio.com/js/ei_track_all_packed.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.86.176.243 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-54-86-176-243.compute-1.amazonaws.com
Software: /
Resource Hash: 5ff47f7f3a1cee2bbe6686f733c67b536fc563f5f6476bc14ebff5bf093042b4

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status: 200
date: Tue, 22 Jan 2019 20:04:56 GMT
content-length: 69
vary: Origin
content-type: text/javascript; charset=utf-8

GET
H2 200 8997926 Show response
va.v.liveperson.net/api/js/ 110 B
471 B 102ms
102ms Script
application/json 208.89.12.87
LivePerson

General

Check archive.org

Show headers Download Go to

Full URL: https://va.v.liveperson.net/api/js/8997926?sid=k03Unb8ZTE-DnnCB-0-kDQ&cb=lpCb79508x65822&t=pl&ts=1548187495967&pid=9909763946&tid=6760425231&vid=VhODk4YTVhNDVjNGZmOWJl
Requested by: Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/8997926/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.89.12.87 New York, United States, ASN11054 (LIVEPERSON - LivePerson, Inc., US),
Reverse DNS: va.v.liveperson.net
Software: ws /
Resource Hash: 6f2f0a6e1e609e84d50222fa1d75f3989068ee51724276be44bbe0c24a7524c8

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 20:04:56 GMT
content-encoding: gzip
server: ws
access-control-allow-methods: GET, POST, PATCH
content-type: application/json
status: 200
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token

GET
H2 200 /
www.facebook.com/tr/ 44 B
98 B 6ms
5ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
Facebook

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.facebook.com/tr/?id=243552383039605&ev=Microdata&dl=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack.html%3Fcm_mmc%3DXGen-_-Corp-_-Email-_-NT%26mkt_tok%3DeyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9&rl=http%3A%2F%2Fvisit.trendmicro.com%2Fx0C0040p3IC8WQX0ZXCfSDn&if=false&ts=1548187496684&cd[Schema.org]=%5B%5D&cd[OpenGraph]=%7B%22og%3Aurl%22%3A%22https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack.html%22%2C%22og%3Atitle%22%3A%22Ransomware%20Attack%3A%20The%20Game%20-%20Hospital%20Held%20Hostage%22%2C%22og%3Adescription%22%3A%22PDF%22%2C%22og%3Asite_name%22%3A%22Trend%20Micro%22%2C%22og%3Alocale%22%3A%22en_US%22%7D&cd[Meta]=%7B%22title%22%3A%22Ransomware%20Attack%3A%20The%20Game%20-%20Hospital%20Held%20Hostage%22%2C%22meta%3Adescription%22%3A%22PDF%22%7D&cd[DataLayer]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.8.37&r=stable&a=tmtealium&ec=1&o=30&fbp=fb.1.1548187496178.441005453&it=1548187495989&coo=false&es=automatic
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software: proxygen-bolt /
Resource Hash: 10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 20:04:56 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
content-length: 44
expires: Tue, 22 Jan 2019 20:04:56 GMT

GET
H2 200 841040802592836 Show response
connect.facebook.net/signals/config/ 181 KB
43 KB 8ms
8ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/841040802592836?v=2.8.37&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

7ac2c1f6f27be37c39552db3fa8549ecaa8ba01cdf3738a1dd2bfaf538b2c4d4

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Origin, Accept-Encoding
content-length: 44186
x-xss-protection: 0
pragma: public
x-fb-debug: odUTTsiiuc3/I85U+VXd+O6+ib7FncgXS6NJLG5cKXdWKgKkDUpUVBeY2SfZ5b6hwzBD4EMP/DhLZR/fCauckA==
date: Tue, 22 Jan 2019 20:04:56 GMT
x-frame-options: DENY
access-control-allow-methods: OPTIONS
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://connect.facebook.net
access-control-expose-headers: X-FB-Debug, X-Loader-Length
cache-control: public, max-age=1200
access-control-allow-credentials: true
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2

204

sync
pixel.advertising.com/ups/55980/
Redirect Chain

https://d.adroll.com/cm/aol/out?advertisable=BWZHCVGVU5GGVN5IX5I7Y3
https://pixel.advertising.com/ups/55980/sync?uid=ZmFiNDM3N2JlNWYyMzM5ZWY4YTAyOGE2ZjdlYTNiODE&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
https://pixel.advertising.com/ups/55980/sync?uid=ZmFiNDM3N2JlNWYyMzM5ZWY4YTAyOGE2ZjdlYTNiODE&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&verify=true

0
299 B

12ms
10ms

Image
text/plain

52.59.59.238
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.advertising.com/ups/55980/sync?uid=ZmFiNDM3N2JlNWYyMzM5ZWY4YTAyOGE2ZjdlYTNiODE&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&verify=true
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.59.59.238 Frankfurt, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-59-59-238.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status: 204
date: Tue, 22 Jan 2019 20:04:57 GMT
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

status: 302
date: Tue, 22 Jan 2019 20:04:57 GMT
content-length: 0
location: https://pixel.advertising.com/ups/55980/sync?uid=ZmFiNDM3N2JlNWYyMzM5ZWY4YTAyOGE2ZjdlYTNiODE&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&verify=true
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/
Redirect Chain

https://d.adroll.com/cm/index/out?advertisable=BWZHCVGVU5GGVN5IX5I7Y3
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=ZmFiNDM3N2JlNWYyMzM5ZWY4YTAyOGE2ZjdlYTNiODE&expiration=1579723496
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=ZmFiNDM3N2JlNWYyMzM5ZWY4YTAyOGE2ZjdlYTNiODE&expiration=1579723496&C=1

43 B
985 B

31ms
30ms

Image
image/gif

2.18.234.21
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=ZmFiNDM3N2JlNWYyMzM5ZWY4YTAyOGE2ZjdlYTNiODE&expiration=1579723496&C=1
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 22 Jan 2019 20:04:57 GMT
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 22 Jan 2019 20:04:57 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 22 Jan 2019 20:04:57 GMT
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=ZmFiNDM3N2JlNWYyMzM5ZWY4YTAyOGE2ZjdlYTNiODE&expiration=1579723496&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 333
Expires: Tue, 22 Jan 2019 20:04:57 GMT

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/
Redirect Chain

https://d.adroll.com/cm/n/out?advertisable=BWZHCVGVU5GGVN5IX5I7Y3
https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=ZmFiNDM3N2JlNWYyMzM5ZWY4YTAyOGE2ZjdlYTNiODE&expires=365

42 B
371 B

98ms
16ms

Image
image/gif

213.19.162.80
The Rubicon Project

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=ZmFiNDM3N2JlNWYyMzM5ZWY4YTAyOGE2ZjdlYTNiODE&expires=365
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 213.19.162.80 , United Kingdom, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software: Rubicon Project /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 22 Jan 2019 20:04:56 GMT
Server: Rubicon Project
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Type: image/gif
Content-Length: 42
X-RPHost: JeZa2zzJfFEKdSM5RwaaWg
Expires: 0

Redirect headers

Pragma: no-cache
Date: Tue, 22 Jan 2019 20:04:57 GMT
Server: nginx/1.12.1
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Location: https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=ZmFiNDM3N2JlNWYyMzM5ZWY4YTAyOGE2ZjdlYTNiODE&expires=365
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Length: 124

GET
H2

200

pixel
sync.outbrain.com/adroll/
Redirect Chain

https://d.adroll.com/cm/outbrain/out?advertisable=BWZHCVGVU5GGVN5IX5I7Y3
https://sync.outbrain.com/adroll/pixel?user_id=ZmFiNDM3N2JlNWYyMzM5ZWY4YTAyOGE2ZjdlYTNiODE

0
283 B

132ms
95ms

Image
text/plain

151.101.2.2
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.outbrain.com/adroll/pixel?user_id=ZmFiNDM3N2JlNWYyMzM5ZWY4YTAyOGE2ZjdlYTNiODE

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.2.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains;

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=0; includeSubDomains;
via: 1.1 varnish, 1.1 varnish
traffic-path: NYDC1, JFK, HHN, Europe1
x-timer: S1548187497.109208,VS0,VE83
date: Tue, 22 Jan 2019 20:04:57 GMT
x-cache: MISS, MISS
status: 200
backend-ip: 104.156.90.34
x-cache-hits: 0, 0
accept-ranges: bytes, bytes
content-length: 0
x-served-by: cache-jfk8134-JFK, cache-hhn1551-HHN

Redirect headers

Pragma: no-cache
Date: Tue, 22 Jan 2019 20:04:57 GMT
Server: nginx/1.12.1
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Location: https://sync.outbrain.com/adroll/pixel?user_id=ZmFiNDM3N2JlNWYyMzM5ZWY4YTAyOGE2ZjdlYTNiODE
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Length: 96

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/
Redirect Chain

https://d.adroll.com/cm/pubmatic/out?advertisable=BWZHCVGVU5GGVN5IX5I7Y3
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=ZmFiNDM3N2JlNWYyMzM5ZWY4YTAyOGE2ZjdlYTNiODE&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENA...

1 B
817 B

75ms
17ms

Image
text/html

185.64.189.110
PubMatic

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=ZmFiNDM3N2JlNWYyMzM5ZWY4YTAyOGE2ZjdlYTNiODE&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC - PubMatic, Inc., US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 22 Jan 2019 20:04:57 GMT
X-lat: Pug22068:0:297
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6
Cache-Control: no-store, no-cache, private
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
X-Cnection: close
Content-Type: text/html; charset=utf-8
Content-Length: 1

Redirect headers

Pragma: no-cache
Date: Tue, 22 Jan 2019 20:04:57 GMT
Server: nginx/1.12.1
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=ZmFiNDM3N2JlNWYyMzM5ZWY4YTAyOGE2ZjdlYTNiODE&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Length: 220

GET
H2

204

/
trc.taboola.com/sg/adroll-network/1/rtb-h/
Redirect Chain

https://d.adroll.com/cm/taboola/out?advertisable=BWZHCVGVU5GGVN5IX5I7Y3
https://trc.taboola.com/sg/adroll-network/1/rtb-h/?taboola_hm=ZmFiNDM3N2JlNWYyMzM5ZWY4YTAyOGE2ZjdlYTNiODE

0
320 B

65ms
16ms

Image
text/plain

151.101.2.2
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/sg/adroll-network/1/rtb-h/?taboola_hm=ZmFiNDM3N2JlNWYyMzM5ZWY4YTAyOGE2ZjdlYTNiODE
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.2.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 20:04:57 GMT
via: 1.1 varnish
server: nginx
x-timer: S1548187497.121787,VS0,VE8
x-cache: MISS
status: 204
expires: Thu, 01 Jan 1970 00:00:00 GMT
x-cache-hits: 0
accept-ranges: bytes
x-served-by: cache-hhn1551-HHN

Redirect headers

Pragma: no-cache
Date: Tue, 22 Jan 2019 20:04:57 GMT
Server: nginx/1.12.1
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Location: https://trc.taboola.com/sg/adroll-network/1/rtb-h/?taboola_hm=ZmFiNDM3N2JlNWYyMzM5ZWY4YTAyOGE2ZjdlYTNiODE
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Length: 111

GET
H2

200

xuid
eb2.3lift.com/
Redirect Chain

https://d.adroll.com/cm/triplelift/out?advertisable=BWZHCVGVU5GGVN5IX5I7Y3
https://eb2.3lift.com/xuid?mid=4714&xuid=ZmFiNDM3N2JlNWYyMzM5ZWY4YTAyOGE2ZjdlYTNiODE&dongle=c85e
https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=ZmFiNDM3N2JlNWYyMzM5ZWY4YTAyOGE2ZjdlYTNiODE&dongle=c85e&gdpr=1&cmp_cs=

37 B
334 B

8ms
8ms

Image
image/gif

3.122.73.35
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=ZmFiNDM3N2JlNWYyMzM5ZWY4YTAyOGE2ZjdlYTNiODE&dongle=c85e&gdpr=1&cmp_cs=
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.122.73.35 Fairfield, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-3-122-73-35.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status: 200
date: Tue, 22 Jan 2019 20:04:57 GMT
cache-control: no-cache, no-store, must-revalidate
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
content-length: 37
content-type: image/gif

Redirect headers

status: 302
date: Tue, 22 Jan 2019 20:04:57 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
location: /xuid?ld=1&mid=4714&xuid=ZmFiNDM3N2JlNWYyMzM5ZWY4YTAyOGE2ZjdlYTNiODE&dongle=c85e&gdpr=1&cmp_cs=
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H/1.1

200
OK

pixel
ads.yahoo.com/
Redirect Chain

https://d.adroll.com/cm/r/out?advertisable=BWZHCVGVU5GGVN5IX5I7Y3
https://ads.yahoo.com/pixel?id=2498203&t=2&piggyback=https%3A%2F%2Fads.yahoo.com%2Fcms%2Fv1%3Fesig%3D1~bf4e7dc4546a90c08591652d78a230d3f2ef5733%26nwid%3D10001032567%26sigv%3D1%26gdpr%3D1%26gdpr_con...

0
341 B

129ms
38ms

Image
text/plain

2a00:1288:110:833::4000
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.yahoo.com/pixel?id=2498203&t=2&piggyback=https%3A%2F%2Fads.yahoo.com%2Fcms%2Fv1%3Fesig%3D1~bf4e7dc4546a90c08591652d78a230d3f2ef5733%26nwid%3D10001032567%26sigv%3D1%26gdpr%3D1%26gdpr_consent%3DBOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1288:110:833::4000 , United Kingdom, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 22 Jan 2019 20:04:57 GMT
X-Content-Type-Options: nosniff
Server: ATS
Age: 0
Expect-CT: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
Strict-Transport-Security: max-age=31536000
Connection: keep-alive
Content-Length: 0
X-XSS-Protection: 1; mode=block

Redirect headers

Pragma: no-cache
Date: Tue, 22 Jan 2019 20:04:57 GMT
Server: nginx/1.12.1
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Location: https://ads.yahoo.com/pixel?id=2498203&t=2&piggyback=https%3A%2F%2Fads.yahoo.com%2Fcms%2Fv1%3Fesig%3D1~bf4e7dc4546a90c08591652d78a230d3f2ef5733%26nwid%3D10001032567%26sigv%3D1%26gdpr%3D1%26gdpr_consent%3DBOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Length: 248

GET
H/1.1

200
OK

sync
x.bidswitch.net/ul_cb/
Redirect Chain

https://d.adroll.com/cm/b/out?advertisable=BWZHCVGVU5GGVN5IX5I7Y3
https://x.bidswitch.net/sync?dsp_id=44&user_id=ZmFiNDM3N2JlNWYyMzM5ZWY4YTAyOGE2ZjdlYTNiODE
https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=ZmFiNDM3N2JlNWYyMzM5ZWY4YTAyOGE2ZjdlYTNiODE

43 B
575 B

70ms
69ms

Image
image/gif

18.153.11.22
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=ZmFiNDM3N2JlNWYyMzM5ZWY4YTAyOGE2ZjdlYTNiODE
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.153.11.22 Cambridge, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-153-11-22.eu-central-1.compute.amazonaws.com
Software: nginx/1.12.0 /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 22 Jan 2019 20:04:57 GMT
Server: nginx/1.12.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=10
Content-Length: 43

Redirect headers

Date: Tue, 22 Jan 2019 20:04:57 GMT
Server: nginx/1.12.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=ZmFiNDM3N2JlNWYyMzM5ZWY4YTAyOGE2ZjdlYTNiODE
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Keep-Alive: timeout=10
Content-Length: 0

GET
H/1.1

200
OK

bounce
ib.adnxs.com/
Redirect Chain

https://d.adroll.com/cm/x/out?advertisable=BWZHCVGVU5GGVN5IX5I7Y3
https://ib.adnxs.com/pxj?bidder=172&seg=802787&action=setuid(%27ZmFiNDM3N2JlNWYyMzM5ZWY4YTAyOGE2ZjdlYTNiODE%27)
https://ib.adnxs.com/bounce?%2Fpxj%3Fbidder%3D172%26seg%3D802787%26action%3Dsetuid%28%2527ZmFiNDM3N2JlNWYyMzM5ZWY4YTAyOGE2ZjdlYTNiODE%2527%29

43 B
989 B

21ms
20ms

Image
image/gif

185.33.223.221
AppNexus

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fpxj%3Fbidder%3D172%26seg%3D802787%26action%3Dsetuid%28%2527ZmFiNDM3N2JlNWYyMzM5ZWY4YTAyOGE2ZjdlYTNiODE%2527%29

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.221 , European Union, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),

Reverse DNS

Software

nginx/1.13.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 22 Jan 2019 20:04:59 GMT
AN-X-Request-Uuid: fbac8956-0194-4edb-a636-1154c0455281
Content-Type: image/gif
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 185.220.70.202; 185.220.70.202; 316.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.56:80
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 22 Jan 2019 20:04:59 GMT
AN-X-Request-Uuid: d1cb44ce-dfc3-468a-a480-d9e2786b5993
Content-Type: text/html; charset=utf-8
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fpxj%3Fbidder%3D172%26seg%3D802787%26action%3Dsetuid%28%2527ZmFiNDM3N2JlNWYyMzM5ZWY4YTAyOGE2ZjdlYTNiODE%2527%29
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 185.220.70.202; 185.220.70.202; 316.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.40:80
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

204

377928.gif
idsync.rlcdn.com/
Redirect Chain

https://d.adroll.com/cm/l/out?advertisable=BWZHCVGVU5GGVN5IX5I7Y3
https://idsync.rlcdn.com/377928.gif?partner_uid=fab4377be5f2339ef8a028a6f7ea3b81

0
34 B

328ms
109ms

Image
text/plain

54.209.224.234
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/377928.gif?partner_uid=fab4377be5f2339ef8a028a6f7ea3b81
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.209.224.234 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-54-209-224-234.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status: 204
date: Tue, 22 Jan 2019 20:04:57 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 22 Jan 2019 20:04:57 GMT
Server: nginx/1.12.1
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Location: https://idsync.rlcdn.com/377928.gif?partner_uid=fab4377be5f2339ef8a028a6f7ea3b81
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Length: 86

GET
H2

200

sd
us-u.openx.net/w/1.0/
Redirect Chain

https://d.adroll.com/cm/o/out?advertisable=BWZHCVGVU5GGVN5IX5I7Y3
https://us-u.openx.net/w/1.0/sd?id=537103138&val=fab4377be5f2339ef8a028a6f7ea3b81
https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=fab4377be5f2339ef8a028a6f7ea3b81

43 B
256 B

17ms
17ms

Image
image/gif

173.241.240.143
OPENX TECHNOLOGIES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=fab4377be5f2339ef8a028a6f7ea3b81
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305
Server: 173.241.240.143 New York, United States, ASN36089 (OPENX-AS1 - OPENX TECHNOLOGIES, INC., US),
Reverse DNS: ox-173-241-240-143.xa.dc.openx.org
Software: OXGW/16.117.2 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 22 Jan 2019 20:04:57 GMT
server: OXGW/16.117.2
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
status: 200
cache-control: private, max-age=0, no-cache
content-type: image/gif
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

status: 302
date: Tue, 22 Jan 2019 20:04:57 GMT
server: OXGW/16.117.2
content-length: 0
location: https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=fab4377be5f2339ef8a028a6f7ea3b81
p3p: CP="CUR ADM OUR NOR STA NID"

GET
H/1.1

200
OK

in
d.adroll.com/cm/g/
Redirect Chain

https://d.adroll.com/cm/g/out?advertisable=BWZHCVGVU5GGVN5IX5I7Y3&google_nid=adroll5
https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=-rQ3e-XyM574oCim9-o7gQ&google_ula=1535926
https://d.adroll.com/cm/g/in?google_ula=1535926,0

42 B
510 B

32ms
31ms

Image
image/gif

54.75.253.95
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.adroll.com/cm/g/in?google_ula=1535926,0
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.75.253.95 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-54-75-253-95.eu-west-1.compute.amazonaws.com
Software: nginx/1.12.1 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 22 Jan 2019 20:04:57 GMT
Server: nginx/1.12.1
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: image/gif
Content-Length: 42
X-Result: g.-1.-1.1535926.0.-1

Redirect headers

pragma: no-cache
date: Tue, 22 Jan 2019 20:04:57 GMT
server: HTTP server (unknown)
location: https://d.adroll.com/cm/g/in?google_ula=1535926,0
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 302
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 246
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
98 B 7ms
7ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
Facebook

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.facebook.com/tr/?id=841040802592836&ev=PageView&dl=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack.html%3Fcm_mmc%3DXGen-_-Corp-_-Email-_-NT%26mkt_tok%3DeyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9&rl=http%3A%2F%2Fvisit.trendmicro.com%2Fx0C0040p3IC8WQX0ZXCfSDn&if=false&ts=1548187496955&cd[segment_eid]=UIGGQATVINGULPRORTYNDM&sw=1600&sh=1200&v=2.8.37&r=stable&a=tmtealium&ec=0&o=29&fbp=fb.1.1548187496178.441005453&it=1548187495989&coo=false
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software: proxygen-bolt /
Resource Hash: 10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 20:04:56 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
content-length: 44
expires: Tue, 22 Jan 2019 20:04:56 GMT

GET
H/1.1 200
OK Cookie set cm
analytics.trendmicro.com/ 43 B
538 B 100ms
99ms Image
image/gif 199.255.32.6
SoftLayer Technol...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://analytics.trendmicro.com/cm?ci=90369712&st=1548187495753&vn1=4.22.118&ec=utf-8&pi=business%3Acampaigns%3Axgen%20security%3Aresource%20center%3Aransomware%20attack%3Aen_us&ul=https%3A%2F%2Fwww.trendmicro.com&tid=9&cm_re=01_11_19-_-Notification1-_-Adware_Ransomware&tid=9&cm_re=12_11_18-_-Notification2-_-2019_Report&tid=9&cm_re=12_11_18-_-Notification3-_-Predictions_Webinar
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 199.255.32.6 Durham, United States, ASN36351 (SOFTLAYER - SoftLayer Technologies Inc., US),
Reverse DNS: 199.255.32.6.reverse.coremetrics.com
Software: Apache /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: analytics.trendmicro.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
Cookie: _vwo_uuid_v2=DA520A8669A562FA3635357166BC7EDB6|b33d69c89303e94c554f1435b79704ce; utag_main=v_id:0168772a6b3f0075da17b3da695400078016907000b08$_sn:1$_ss:1$_st:1548189295233$ses_id:1548187495233%3Bexp-session$_pn:1%3Bexp-session; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _gcl_au=1.1.573348409.1548187496; _vwo_uuid=DA520A8669A562FA3635357166BC7EDB6; _vwo_ds=3%3Aa_0%2Ct_0%3A0%241548187494%3A93.56464727%3A%3A%3A69_0; _mkto_trk=id:945-CXD-062&token:_mch-trendmicro.com-1548187495859-65458; _ga=GA1.2.1958441142.1548187496; _gid=GA1.2.1187758821.1548187496; _gat_tealium_0=1; __utma=44797537.1958441142.1548187496.1548187496.1548187496.1; __utmc=44797537; __utmz=44797537.1548187496.1.1.utmcsr=visit.trendmicro.com|utmccn=(referral)|utmcmd=referral|utmcct=/x0C0040p3IC8WQX0ZXCfSDn; __utmt=1; __utmb=44797537.1.10.1548187496; _fbp=fb.1.1548187496178.441005453; __qca=P0-472542660-1548187496151; querystring=cm_mmc%3DXGen-_-Corp-_-Email-_-NT%26mkt_tok%3DeyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9; CoreID6=81031548187496237919136; TestSess3=81031548187496237919136; ei_client_id=5c47776899f34300103c8e98; LPVID=VhODk4YTVhNDVjNGZmOWJl; LPSID-8997926=k03Unb8ZTE-DnnCB-0-kDQ; 90369712_login=1548187496339364165790369712; 90369712_reset=1548187496
Connection: keep-alive
Cache-Control: no-cache
Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 22 Jan 2019 20:04:57 GMT
Server: Apache
P3P: CP="NON DSP COR CUR ADMo DEVo PSAo PSDo OUR IND ONL UNI PUR COM NAV INT DEM STA"
Set-Cookie: 90369712_reset=1548187497;path=/
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, pre-check=0, post-check=0, private
Connection: Keep-Alive
Content-Type: image/gif
Keep-Alive: timeout=300, max=9
Content-Length: 43
Expires: Mon, 21 Jan 2019 20:04:57 GMT

GET
H2

200

/ Show response
px.ads.linkedin.com/collect/
Redirect Chain

https://px.ads.linkedin.com/collect/?time=1548187497517&pid=46043&url=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack.html%3Fcm...
https://px.ads.linkedin.com/collect/?time=1548187497517&pid=46043&url=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack.html%3Fcm...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%2F%3Ftime%3D1548187497517%26pid%3D46043%26url%3Dhttps%253A%252F%252Fwww.trendmicro.com%252Fen_us%252Fbusines...
https://px.ads.linkedin.com/collect/?time=1548187497517&pid=46043&url=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack.html%3Fcm...

0
93 B

158ms
158ms

Script
application/javascript

2620:109:c007:102::5be1:f885
LINKEDIN-1

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/collect/?time=1548187497517&pid=46043&url=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack.html%3Fcm_mmc%3DXGen-_-Corp-_-Email-_-NT%26mkt_tok%3DeyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9&fmt=js&s=1&cookiesTest=true&liSync=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:109:c007:102::5be1:f885 , United States, ASN197612 (LINKEDIN-1, US),
Reverse DNS
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 20:04:58 GMT
content-encoding: gzip
server: Play
vary: Accept-Encoding
x-li-fabric: prod-ltx1
status: 200
x-li-proto: http/2
x-li-pop: PROD-IDB2
content-type: application/javascript
content-length: 20
x-li-uuid: yMeop1NEfBWAhCgwZSsAAA==

Redirect headers

date: Tue, 22 Jan 2019 20:04:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 302
x-li-pop: prod-edc2
content-length: 20
x-li-uuid: V55moVNEfBVAh9beyyoAAA==
pragma: no-cache
server: Play
x-frame-options: sameorigin
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
vary: Accept-Encoding
strict-transport-security: max-age=2592000
x-li-fabric: prod-ltx1
location: https://px.ads.linkedin.com/collect/?time=1548187497517&pid=46043&url=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack.html%3Fcm_mmc%3DXGen-_-Corp-_-Email-_-NT%26mkt_tok%3DeyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9&fmt=js&s=1&cookiesTest=true&liSync=true
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store
content-security-policy: default-src *; connect-src 'self' static.licdn.com media.licdn.com static-exp1.licdn.com static-exp2.licdn.com media-exp1.licdn.com media-exp2.licdn.com https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' platform.linkedin.com spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=l
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 _ate.track.config_resp Show response
m.addthisedge.com/live/boost/ra-57bc9d0c3028a052/ 4 KB
1 KB 272ms
213ms Script
application/javascript 23.53.172.5
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://m.addthisedge.com/live/boost/ra-57bc9d0c3028a052/_ate.track.config_resp
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/250/addthis_widget.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.53.172.5 Cambridge, United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a23-53-172-5.deploy.static.akamaitechnologies.com
Software: Jetty(9.4.8.v20180619) /
Resource Hash: 45f986225b824eeb00e6ce56f9126b935cfff2efbe3891df975ce9eead420e68

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 20:04:57 GMT
content-encoding: gzip
surrogate-key: ra-57bc9d0c3028a052
server: Jetty(9.4.8.v20180619)
etag: 439011089--gzip
vary: Accept-Encoding
cache-tag: ra-57bc9d0c3028a052
status: 200
cache-control: public, max-age=59, s-maxage=86400
content-disposition: attachment; filename=1.txt
content-type: application/javascript;charset=utf-8
content-length: 992

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
266 B 238ms
238ms Script
application/javascript 199.16.156.9
Twitter Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?p_id=Twitter&p_user_id=0&txn_id=nuwoi&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack.html%3Fcm_mmc%3DXGen-_-Corp-_-Email-_-NT%26mkt_tok%3DeyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.16.156.9 San Francisco, United States, ASN13414 (TWITTER - Twitter Inc., US),

Reverse DNS

Software

tsa_b /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block; report=https://twitter.com/i/xss_report

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 20:04:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 57
x-xss-protection: 1; mode=block; report=https://twitter.com/i/xss_report
x-response-time: 18
pragma: no-cache
last-modified: Tue, 22 Jan 2019 20:04:57 GMT
server: tsa_b
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: dc28fd0354ea9ed28f312478688853ca
x-transaction: 00a362b40064f2d8
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 layers.180e84e0fe8648c104a3.js Show response
s7.addthis.com/static/ 261 KB
74 KB 32ms
31ms Script
application/javascript 2.18.232.15
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://s7.addthis.com/static/layers.180e84e0fe8648c104a3.js
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/250/addthis_widget.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2.18.232.15 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-232-15.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e8f0b2fe84ed504ca925d6ba1194b59d16ad6ddb2ab1967f5c07fe89a84a2ae8

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 20:04:57 GMT
content-encoding: gzip
last-modified: Wed, 16 Jan 2019 16:29:17 GMT
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=86313600
x-host: s7.addthis.com
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 / Show response
graph.facebook.com/ 214 B
556 B 71ms
37ms Script
text/javascript 2a03:2880:f01c:800e:face:b00c:0:2
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://graph.facebook.com/?id=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack.html&callback=_ate.cbs.rcb_9xa20

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/250/addthis_widget.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a03:2880:f01c:800e:face:b00c:0:2 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

f437cc8dacdbad099027d9fa1d69fe0faa246f7bb0f635cb8533919d741c71d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: br
x-app-usage: {"call_count":0,"total_cputime":0,"total_time":0}
status: 200
date: Tue, 22 Jan 2019 20:04:57 GMT
x-fb-rev: 4700771
content-length: 142
pragma: no-cache
x-fb-debug: xUz+IEV1Y97bfFje4VSayW0+XVJVU2tTqXrGLB37LKeuy5foqQYAw+gf7QsnSUBgXvxGuTha4t3NDGNWEkZwZw==
x-fb-trace-id: DGMUoNBEpai
etag: "c7b55e6f673b089b6249f07f53dbd879dbc97f92"
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, no-cache, no-store, must-revalidate
facebook-api-version: v2.8
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 shares.json Show response
api-public.addthis.com/url/ 33 B
322 B 176ms
147ms Script
application/json 2.18.232.15
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://api-public.addthis.com/url/shares.json?url=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack.html&callback=_ate.cbs.rcb_4tmq0
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/250/addthis_widget.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2.18.232.15 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-232-15.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: a7b27732cadafe4f5c3cc89c09e961919d288eae3f0318b050d197bd8ed573ff

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 20:04:58 GMT
content-encoding: gzip
surrogate-key: www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html
last-modified: Tue, 22 Jan 2019 20:04:58 GMT
vary: Accept-Encoding
x-varnish: 2853643955
status: 200
cache-control: no-transform, must-revalidate, max-age=0, s-maxage=3600
accept-ranges: bytes
content-type: application/json
content-length: 53

GET
H2 200 / Show response
graph.facebook.com/ 213 B
303 B 70ms
38ms Script
text/javascript 2a03:2880:f01c:800e:face:b00c:0:2
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://graph.facebook.com/?id=http%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack.html&callback=_ate.cbs.rcb_i05b0

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/250/addthis_widget.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a03:2880:f01c:800e:face:b00c:0:2 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

657bd6a83ea1970c13b4ea4372244d596851b3c2cfaa666a3ea6fc521a12f330

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: br
x-app-usage: {"call_count":0,"total_cputime":0,"total_time":0}
status: 200
date: Tue, 22 Jan 2019 20:04:57 GMT
x-fb-rev: 4700771
content-length: 140
pragma: no-cache
x-fb-debug: esxvSTZJpNmLPmOSSGC4vMHN17hZnbyt1IEHHodwQlKI3OoMjFxzeeamsg6jOVO/LuKx6fVfCK1ZyRpeYTciZQ==
x-fb-trace-id: DaS01yAYWpr
etag: "09dbb461c18ad5b82cf0336158b02f30bb95bb5e"
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, no-cache, no-store, must-revalidate
facebook-api-version: v2.8
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 shares.json Show response
api-public.addthis.com/url/ 33 B
322 B 203ms
176ms Script
application/json 2.18.232.15
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://api-public.addthis.com/url/shares.json?url=http%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack.html&callback=_ate.cbs.rcb_51510
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/250/addthis_widget.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2.18.232.15 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-232-15.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe711fd2438f5c339b894a98bfec77e927d1cb56e2c57933b34904b5956cac5f

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 20:04:58 GMT
content-encoding: gzip
surrogate-key: www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html
last-modified: Tue, 22 Jan 2019 20:04:58 GMT
vary: Accept-Encoding
x-varnish: 2853644024
status: 200
cache-control: no-transform, must-revalidate, max-age=0, s-maxage=3600
accept-ranges: bytes
content-type: application/json
content-length: 53

GET
DATA 200
OK truncated
/ 443 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5876d235b697479a9e5f476a33115aea1ddc21fd4b4740dd7180398c6224fdba

Request headers

Response headers

Content-Type: image/png

POST
H/1.1 204
No Content /
364bf52d.akstat.io/ 0
359 B 158ms
81ms Other
image/gif 104.111.214.229
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://364bf52d.akstat.io/

Requested by

Host: c.go-mpulse.net
URL: https://c.go-mpulse.net/boomerang/TU3LW-WPX5W-YK52N-GNWRK-Z5B9X

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

104.111.214.229 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-111-214-229.deploy.static.akamaitechnologies.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
Origin: https://www.trendmicro.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Tue, 22 Jan 2019 20:04:58 GMT
Content-Type: image/gif
Access-Control-Allow-Origin: https://www.trendmicro.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Timing-Allow-Origin: *
X-XSS-Protection: 0
Expires: Tue, 22 Jan 2019 20:04:58 GMT

GET
H/1.1 200
OK Primary Request Cookie set datacenter-attack.html Show response
resources.trendmicro.com/ 21 KB
6 KB 313ms
312ms Document
text/html 199.15.212.64
MARKETO

General

Check archive.org

Show headers Download Go to

Full URL

https://resources.trendmicro.com/datacenter-attack.html

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

199.15.212.64 San Mateo, United States, ASN53580 (MARKETO - MARKETO, Inc., US),

Reverse DNS

Software

nginx /

Resource Hash

0a0537cc71579f823a3a6f0630eb9f537ee590b9893e6a3b2178a7c6baf5a529

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Host: resources.trendmicro.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9

Response headers

Server: nginx
Date: Tue, 22 Jan 2019 20:04:59 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 5640
Connection: keep-alive
P3p: CP="CAO CURa ADMa DEVa TAIa OUR IND UNI COM NAV INT"
Vary: *,Accept-Encoding
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: BIGipServerab08web-nginx-app_https=!I/DXaXF7c3IaCym5yiPNdgcigIaMSRbdhb2TjS+cLerPYdExULtk18oSN4lKegJjJC8DyY4vTkgKnuQ=; path=/; Httponly; Secure

POST
H/1.1 204
No Content /
364bf52d.akstat.io/ 0
359 B 146ms
145ms Other
image/gif 104.111.214.229
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://364bf52d.akstat.io/

Requested by

Host: c.go-mpulse.net
URL: https://c.go-mpulse.net/boomerang/TU3LW-WPX5W-YK52N-GNWRK-Z5B9X

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

104.111.214.229 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-111-214-229.deploy.static.akamaitechnologies.com

Software

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.trendmicro.com/en_us/business/campaigns/xgen-security/resource-center/ransomware-attack.html?cm_mmc=XGen-_-Corp-_-Email-_-NT&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9
Origin: https://www.trendmicro.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Tue, 22 Jan 2019 20:04:59 GMT
Content-Type: image/gif
Access-Control-Allow-Origin: https://www.trendmicro.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Timing-Allow-Origin: *
X-XSS-Protection: 0
Expires: Tue, 22 Jan 2019 20:04:59 GMT

GET
H2 200 utag.sync.js Show response
tags.tiqcdn.com/utag/trendmicro/global/prod/ 6 KB
1 KB 140ms
137ms Script
application/x-javascript 104.111.215.136
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/global/prod/utag.sync.js
Requested by: Host: resources.trendmicro.com
URL: https://resources.trendmicro.com/datacenter-attack.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.136 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-215-136.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b146eb3292f5fe271bfae9bca253f8944680e38284206440bbfec5f18f7a1824

Request headers

Referer: https://resources.trendmicro.com/datacenter-attack.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 20:04:59 GMT
content-encoding: gzip
last-modified: Thu, 10 Jan 2019 17:17:42 GMT
server: Apache
etag: "acf4f5faf65938e968ff9f19d4fab20d:1547140662"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=300
accept-ranges: bytes
content-length: 1124
expires: Tue, 22 Jan 2019 20:09:59 GMT

GET
H2 200 jquery.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/ 287 KB
82 KB 17ms
14ms Script
application/javascript 2606:4700::6813:c797
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/jquery.js

Requested by

Host: resources.trendmicro.com
URL: https://resources.trendmicro.com/datacenter-attack.html

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700::6813:c797 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

430f36f9b5f21aae8cc9dca6a81c4d3d84da5175eaedcf2fdc2c226302cb3575

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: https://resources.trendmicro.com/datacenter-attack.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 20:04:59 GMT
content-encoding: br
cf-cache-status: HIT
status: 200
strict-transport-security: max-age=15780000; includeSubDomains
last-modified: Thu, 17 May 2018 09:20:15 GMT
server: cloudflare
etag: W/"5afd494f-47a36"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
expires: Sun, 12 Jan 2020 20:04:59 GMT
cache-control: public, max-age=30672000
cf-ray: 49d4a2004c2e97c8-FRA
served-in-seconds: 0.004

GET
H2 200 font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.4.0/css/ 26 KB
6 KB 90ms
26ms Stylesheet
text/css 209.197.3.15
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL: https://maxcdn.bootstrapcdn.com/font-awesome/4.4.0/css/font-awesome.min.css
Requested by: Host: resources.trendmicro.com
URL: https://resources.trendmicro.com/datacenter-attack.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 209.197.3.15 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS: vip0x00f.map2.ssl.hwcdn.net
Software: /
Resource Hash: 936ffccdc35bc55221e669d0e76034af76ba8c080c1b1149144dbbd3b5311829

Request headers

Referer: https://resources.trendmicro.com/datacenter-attack.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 20:04:59 GMT
content-encoding: gzip
last-modified: Wed, 12 Dec 2018 18:35:19 GMT
access-control-allow-origin: *
etag: "1544639719"
vary: Accept-Encoding
x-cache: HIT
content-type: text/css; charset=utf-8
status: 200
cache-control: public, max-age=31536000
x-hello-human: Say hello back! @getBootstrapCDN on Twitter
accept-ranges: bytes
timing-allow-origin: *
content-length: 6079

GET
H/1.1 200
OK Facebook-1200x630_v3.jpg
resources.trendmicro.com/rs/945-CXD-062/images/ 576 KB
576 KB 97ms
94ms Image
image/jpeg 199.15.212.64
MARKETO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://resources.trendmicro.com/rs/945-CXD-062/images/Facebook-1200x630_v3.jpg

Requested by

Host: resources.trendmicro.com
URL: https://resources.trendmicro.com/datacenter-attack.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

199.15.212.64 San Mateo, United States, ASN53580 (MARKETO - MARKETO, Inc., US),

Reverse DNS

Software

nginx /

Resource Hash

59e7806cf95531c1bb4c0d5725a9f50d67f02f3b70e305c0455418c619c8aeac

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: resources.trendmicro.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://resources.trendmicro.com/datacenter-attack.html
Cookie: BIGipServerab08web-nginx-app_https=!I/DXaXF7c3IaCym5yiPNdgcigIaMSRbdhb2TjS+cLerPYdExULtk18oSN4lKegJjJC8DyY4vTkgKnuQ=
Connection: keep-alive
Cache-Control: no-cache
Referer: https://resources.trendmicro.com/datacenter-attack.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 22 Jan 2019 20:04:59 GMT
X-Content-Type-Options: nosniff
Last-Modified: Sun, 09 Dec 2018 18:06:49 GMT
Server: nginx
ETag: "5437cb-900c4-57c9ab65e57b4"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 590020

GET
H/1.1 200
OK 200x200
placehold.it/ 781 B
1 KB 263ms
127ms Image
image/png 2600:3c00::f03c:91ff:fe60:d792
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://placehold.it/200x200
Requested by: Host: resources.trendmicro.com
URL: https://resources.trendmicro.com/datacenter-attack.html
Protocol: HTTP/1.1
Server: 2600:3c00::f03c:91ff:fe60:d792 , United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS
Software: nginx/1.6.2 /
Resource Hash: b1365d6608222bfca505deeac2ba9c2f9047852f9a59b52061b5e442011946ae

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 22 Jan 2019 20:04:59 GMT
Last-Modified: Sun, 06 Jan 2019 21:00:06 GMT
Server: nginx/1.6.2
ETag: "5c326c56-30d"
X-Cache: L1
Content-Type: image/png
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 781
Expires: Tue, 29 Jan 2019 20:04:59 GMT

GET
H/1.1 200
OK social-twitter.png
s3.amazonaws.com/templates.knak.io/554ec5beafd55/ 5 KB
6 KB 402ms
108ms Image
image/png 52.216.166.45
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.amazonaws.com/templates.knak.io/554ec5beafd55/social-twitter.png
Requested by: Host: resources.trendmicro.com
URL: https://resources.trendmicro.com/datacenter-attack.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.166.45 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1428ed3ac67c7d9ac3dd10aea5fcb7cc674849d7bd8b9601f7a924c0fc88a249

Request headers

Referer: https://resources.trendmicro.com/datacenter-attack.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 22 Jan 2019 20:05:01 GMT
Last-Modified: Tue, 03 May 2016 00:45:40 GMT
Server: AmazonS3
x-amz-meta-s3cmd-attrs: uid:33/gname:developers/uname:www-data/gid:1004/mode:33204/mtime:1462236327/atime:1462236327/ctime:1462236329
x-amz-request-id: 3514BC4925989D78
ETag: "20ea64695320c0cbfdf892d6ad08a724"
Content-Type: image/png; charset=binary
Accept-Ranges: bytes
Content-Length: 5214
x-amz-id-2: 2zWPSaLgktvdjouLf9QSlonMpqLDDR4avP0amhGLXcC0tfzMrj1aVjByuWVNWCc2kIg1Ddm5XZs=

GET
H/1.1 200
OK social-linkedin.png
s3.amazonaws.com/templates.knak.io/554ec5beafd55/ 5 KB
5 KB 421ms
121ms Image
image/png 52.216.166.45
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.amazonaws.com/templates.knak.io/554ec5beafd55/social-linkedin.png
Requested by: Host: resources.trendmicro.com
URL: https://resources.trendmicro.com/datacenter-attack.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.166.45 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 00ffdabc49c0235078ef2af42a26c309b720cfb0ed221b4e021d08427691ebbb

Request headers

Referer: https://resources.trendmicro.com/datacenter-attack.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 22 Jan 2019 20:05:01 GMT
Last-Modified: Tue, 03 May 2016 00:45:40 GMT
Server: AmazonS3
x-amz-meta-s3cmd-attrs: uid:33/gname:developers/uname:www-data/gid:1004/mode:33204/mtime:1462236327/atime:1462236327/ctime:1462236329
x-amz-request-id: 28CFF4E043886F3F
ETag: "a48eb83218f40b64a2d34b71aee5da20"
Content-Type: image/png; charset=binary
Accept-Ranges: bytes
Content-Length: 4738
x-amz-id-2: 8SSI8pUA5R8j8JHGe88O2tyNDQNCMkRRF7WuCEd22pbQcS7QKKh2xIg+DLCY++H6IUqvTFSb06E=

GET
H/1.1 200
OK social-facebook.png
s3.amazonaws.com/templates.knak.io/554ec5beafd55/ 4 KB
5 KB 420ms
116ms Image
image/png 52.216.166.45
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.amazonaws.com/templates.knak.io/554ec5beafd55/social-facebook.png
Requested by: Host: resources.trendmicro.com
URL: https://resources.trendmicro.com/datacenter-attack.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.166.45 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: cc2229cecc8c0df72b0fbe15f9492b66dbd875c35af57c7d105e484b275724d2

Request headers

Referer: https://resources.trendmicro.com/datacenter-attack.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 22 Jan 2019 20:05:01 GMT
Last-Modified: Tue, 03 May 2016 00:45:40 GMT
Server: AmazonS3
x-amz-meta-s3cmd-attrs: uid:33/gname:developers/uname:www-data/gid:1004/mode:33204/mtime:1462236327/atime:1462236327/ctime:1462236329
x-amz-request-id: 400B2639CDC220FC
ETag: "7e4750050f91356512f52c1a60244e92"
Content-Type: image/png; charset=binary
Accept-Ranges: bytes
Content-Length: 4406
x-amz-id-2: goO8oGNpV6nTCg05JOJmuj2vAMKca25+RMXl7ESoQ9BS0PCLt0RUi1tqRY7tJHDaulUFD085IyI=

GET
H/1.1 200
OK social-youtube.png
s3.amazonaws.com/templates.knak.io/554ec5beafd55/ 5 KB
6 KB 429ms
114ms Image
image/png 52.216.166.45
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.amazonaws.com/templates.knak.io/554ec5beafd55/social-youtube.png
Requested by: Host: resources.trendmicro.com
URL: https://resources.trendmicro.com/datacenter-attack.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.166.45 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 45fa177aa9a133dcdb27321bd62736c678a1f732e773fc32bf8f6344a4c9bd80

Request headers

Referer: https://resources.trendmicro.com/datacenter-attack.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 22 Jan 2019 20:05:01 GMT
Last-Modified: Tue, 03 May 2016 00:45:40 GMT
Server: AmazonS3
x-amz-meta-s3cmd-attrs: uid:33/gname:developers/uname:www-data/gid:1004/mode:33204/mtime:1462236327/atime:1462236327/ctime:1462236329
x-amz-request-id: 32FE8013E675A4E2
ETag: "92b97b1c46c05738c03e7081f4ac721d"
Content-Type: image/png; charset=binary
Accept-Ranges: bytes
Content-Length: 5390
x-amz-id-2: 8PkB6GlJP/2c0KvnFQdOhI7a2uvV0mWdAkJXL8Y5g3pC6xklx0r1j1PG4iWuza5+WZoYu3K7SfM=

GET
H/1.1 200
OK social-blog.png
s3.amazonaws.com/templates.knak.io/554ec5beafd55/ 5 KB
6 KB 510ms
195ms Image
image/png 52.216.166.45
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.amazonaws.com/templates.knak.io/554ec5beafd55/social-blog.png
Requested by: Host: resources.trendmicro.com
URL: https://resources.trendmicro.com/datacenter-attack.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.166.45 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f9b1606d3f1c95cf50314c0c5de331edb55754f8a54974dd0ecaf9698759a416

Request headers

Referer: https://resources.trendmicro.com/datacenter-attack.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 22 Jan 2019 20:05:01 GMT
Last-Modified: Tue, 03 May 2016 00:45:40 GMT
Server: AmazonS3
x-amz-meta-s3cmd-attrs: uid:33/gname:developers/uname:www-data/gid:1004/mode:33204/mtime:1462236327/atime:1462236327/ctime:1462236329
x-amz-request-id: FFEE5D4A491FFDF7
ETag: "e276474d2722eb89636742aca324bbc6"
Content-Type: image/png; charset=binary
Accept-Ranges: bytes
Content-Length: 5466
x-amz-id-2: v/lyPGCwh38/6oQHiSqDEJqgauI7/co/IlY8KqJTvg00QXlRgRIbTzmOGg8MX9H45QC1117GTWA=

GET
H/1.1 200
OK social-rss.png
s3.amazonaws.com/templates.knak.io/554ec5beafd55/ 5 KB
6 KB 464ms
149ms Image
image/png 52.216.166.45
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.amazonaws.com/templates.knak.io/554ec5beafd55/social-rss.png
Requested by: Host: resources.trendmicro.com
URL: https://resources.trendmicro.com/datacenter-attack.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.166.45 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f609b4351837908d3117d044743a096a478a5458719c816a7bc89bb2920b7b9e

Request headers

Referer: https://resources.trendmicro.com/datacenter-attack.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 22 Jan 2019 20:05:01 GMT
Last-Modified: Tue, 03 May 2016 00:45:40 GMT
Server: AmazonS3
x-amz-meta-s3cmd-attrs: uid:33/gname:developers/uname:www-data/gid:1004/mode:33204/mtime:1462236327/atime:1462236327/ctime:1462236329
x-amz-request-id: 9363C4753254CAA3
ETag: "369cb2531d9948d46ce9517dcd58c480"
Content-Type: image/png; charset=binary
Accept-Ranges: bytes
Content-Length: 5411
x-amz-id-2: 4y34rdcBd3JlqklO6dbNBm/IB6c9Eu+yl45mrDaZSesWXwluOOyC43UrRGzeNU4V/cELxrneSFk=

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net// 1 KB
1 KB 12ms
11ms Script
application/x-javascript 184.31.84.223
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net//munchkin.js
Requested by: Host: resources.trendmicro.com
URL: https://resources.trendmicro.com/datacenter-attack.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.31.84.223 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a184-31-84-223.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 82bbf4a0f25757d1c9b9f18672eabf510965e4873e9d989a407823eac0d99259

Request headers

Referer: https://resources.trendmicro.com/datacenter-attack.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 22 Jan 2019 20:04:59 GMT
Content-Encoding: gzip
Last-Modified: Tue, 12 Jun 2018 01:36:41 GMT
Server: Apache
ETag: "8a1ad47bd9401d0c4cde2aab48eeb571:1528767401"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 752

GET
H2 200 j.php Show response
dev.visualwebsiteoptimizer.com/ 3 KB
1 KB 8ms
7ms Script
application/javascript 159.122.87.148
SoftLayer Technol...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/j.php?a=215154&u=https%3A%2F%2Fresources.trendmicro.com%2Fdatacenter-attack.html&r=0.9561171175809706
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/global/prod/utag.sync.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 159.122.87.148 Frankfurt, Germany, ASN36351 (SOFTLAYER - SoftLayer Technologies Inc., US),
Reverse DNS: 94.57.7a9f.ip4.static.sl-reverse.com
Software: fra1dacdn /
Resource Hash: d90e624d461caf8939ce14369d4927928613a8659ce12ffe282a3bc70f7ebed7

Request headers

Referer: https://resources.trendmicro.com/datacenter-attack.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status: 200
date: Tue, 22 Jan 2019 20:04:59 GMT
content-encoding: gzip
server: fra1dacdn
content-type: application/javascript; charset=UTF-8

GET
H2 200 va-3d21b22b243806407666de89d24a2e04.js Show response
dev.visualwebsiteoptimizer.com/5.0/ 164 KB
55 KB 10ms
8ms Script
text/javascript 159.122.87.153
SoftLayer Technol...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/5.0/va-3d21b22b243806407666de89d24a2e04.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/j.php?a=215154&u=https%3A%2F%2Fresources.trendmicro.com%2Fdatacenter-attack.html&r=0.9561171175809706
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 159.122.87.153 Frankfurt, Germany, ASN36351 (SOFTLAYER - SoftLayer Technologies Inc., US),
Reverse DNS: 99.57.7a9f.ip4.static.sl-reverse.com
Software: dacdn2 /
Resource Hash: 4b6ae1ffe9e6c6c48f898cc2e6cfd5aaa0e9e96c9ab8b83efa34a683ecbcf252

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://resources.trendmicro.com/datacenter-attack.html
Origin: https://resources.trendmicro.com

Response headers

date: Tue, 22 Jan 2019 20:04:58 GMT
content-encoding: gzip
last-modified: Thu, 17 Jan 2019 09:12:30 GMT
server: dacdn2
access-control-allow-origin: *
etag: "5c4046fe-da65"
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 55909

GET
H2 200 track-3d21b22b243806407666de89d24a2e04.js Show response
dev.visualwebsiteoptimizer.com/5.0/ 17 KB
6 KB 22ms
22ms Script
text/javascript 159.122.87.153
SoftLayer Technol...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/5.0/track-3d21b22b243806407666de89d24a2e04.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/j.php?a=215154&u=https%3A%2F%2Fresources.trendmicro.com%2Fdatacenter-attack.html&r=0.9561171175809706
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 159.122.87.153 Frankfurt, Germany, ASN36351 (SOFTLAYER - SoftLayer Technologies Inc., US),
Reverse DNS: 99.57.7a9f.ip4.static.sl-reverse.com
Software: dacdn2 /
Resource Hash: d12571fb058caba3e2478b76fc95d3f65741995d085ef27e29434b6e6d67791c

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://resources.trendmicro.com/datacenter-attack.html
Origin: https://resources.trendmicro.com

Response headers

date: Tue, 22 Jan 2019 20:04:58 GMT
content-encoding: gzip
last-modified: Thu, 17 Jan 2019 09:12:30 GMT
server: dacdn2
access-control-allow-origin: *
etag: "5c4046fe-15b9"
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 5561

GET
H2 200 opa-223743be8b39a88528aec7917bf9d592.js Show response
dev.visualwebsiteoptimizer.com/analysis/2.0/ 149 KB
48 KB 16ms
14ms Script
application/javascript 159.122.87.153
SoftLayer Technol...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/analysis/2.0/opa-223743be8b39a88528aec7917bf9d592.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/j.php?a=215154&u=https%3A%2F%2Fresources.trendmicro.com%2Fdatacenter-attack.html&r=0.9561171175809706
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 159.122.87.153 Frankfurt, Germany, ASN36351 (SOFTLAYER - SoftLayer Technologies Inc., US),
Reverse DNS: 99.57.7a9f.ip4.static.sl-reverse.com
Software: dacdn2 /
Resource Hash: e377c975d12c4ac249780470793574edc9f110b4fc380089393147cd12679419

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://resources.trendmicro.com/datacenter-attack.html
Origin: https://resources.trendmicro.com

Response headers

date: Tue, 22 Jan 2019 20:04:58 GMT
content-encoding: gzip
last-modified: Mon, 14 Jan 2019 09:06:55 GMT
server: dacdn2
access-control-allow-origin: *
etag: W/"5c3c512f-2555e"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
status: 200
cache-control: public, max-age=604800

GET
H2 200 v.gif
dev.visualwebsiteoptimizer.com/ 35 B
238 B 7ms
7ms Image
image/gif 159.122.87.148
SoftLayer Technol...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/v.gif?a=215154&d=trendmicro.com&u=DDBDDF1AB710C5A064924DF74DFDC7F26&h=2e85252eeaab19e0e9932c4c932c281a&t=false&r=0.511337916230632

Requested by

Host: resources.trendmicro.com
URL: https://resources.trendmicro.com/datacenter-attack.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

159.122.87.148 Frankfurt, Germany, ASN36351 (SOFTLAYER - SoftLayer Technologies Inc., US),

Reverse DNS

94.57.7a9f.ip4.static.sl-reverse.com

Software

fra1dacdn /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://resources.trendmicro.com/datacenter-attack.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 22 Jan 2019 20:04:59 GMT
x-content-type-options: nosniff
server: fra1dacdn
content-type: image/gif
status: 200
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-length: 35
expires: Mon, 10 Jan 2005 00:00:01 GMT

GET
H2 200 worker-68f4c079a93008e8e04f81f6476e5cc4.js Show response
dev.visualwebsiteoptimizer.com/analysis/ 46 KB
15 KB 9ms
8ms XHR
application/javascript 159.122.87.153
SoftLayer Technol...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/analysis/worker-68f4c079a93008e8e04f81f6476e5cc4.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/analysis/2.0/opa-223743be8b39a88528aec7917bf9d592.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 159.122.87.153 Frankfurt, Germany, ASN36351 (SOFTLAYER - SoftLayer Technologies Inc., US),
Reverse DNS: 99.57.7a9f.ip4.static.sl-reverse.com
Software: dacdn2 /
Resource Hash: d11075cd7df2682b221d194573250d4aed0a6a4e3a151acf41d1b14053495b85

Request headers

Accept: text/plain, */*; q=0.01
Referer: https://resources.trendmicro.com/datacenter-attack.html
Origin: https://resources.trendmicro.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 20:04:58 GMT
content-encoding: gzip
last-modified: Wed, 04 Oct 2017 11:57:29 GMT
server: dacdn2
status: 200
etag: W/"59d4cca9-b83e"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=604800, public, max-age=604800

GET
H2 200 utag.js Show response
tags.tiqcdn.com/utag/trendmicro/global/prod/ 115 KB
25 KB 32ms
31ms Script
application/x-javascript 104.111.215.136
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/global/prod/utag.js
Requested by: Host: resources.trendmicro.com
URL: https://resources.trendmicro.com/datacenter-attack.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.136 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-215-136.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: a314cd9ae5c16c6d88c6219a7c5a99b2d5204d16709e1190098fb3f9c2c081ea

Request headers

Referer: https://resources.trendmicro.com/datacenter-attack.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 20:05:02 GMT
content-encoding: gzip
last-modified: Thu, 10 Jan 2019 17:17:43 GMT
server: Apache
etag: "f2ed830e644d70e63c76423aee77fdec:1547140663"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=300
accept-ranges: bytes
content-length: 24848
expires: Tue, 22 Jan 2019 20:10:02 GMT

GET
H2 200 QsKe96BJ.min.js Show response
scripts.demandbase.com/ 56 KB
15 KB 57ms
14ms Script
application/javascript 13.32.223.99
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://scripts.demandbase.com/QsKe96BJ.min.js
Requested by: Host: resources.trendmicro.com
URL: https://resources.trendmicro.com/datacenter-attack.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.32.223.99 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-32-223-99.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 26fe279e4aaa2c173a087a2bd7b0b9ebbd4341a3532d652031e764e4fbe08a1b

Request headers

Referer: https://resources.trendmicro.com/datacenter-attack.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 06 Dec 2018 06:53:45 GMT
content-encoding: gzip
last-modified: Mon, 03 Dec 2018 23:16:28 GMT
server: AmazonS3
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: tWe2MMrM3DY4TI_Tv9XH03cITIlYPH6w
status: 200
cache-control: public, max-age=3600
content-type: application/javascript
x-amz-cf-id: GbgA5XR3Cqr0wDyT5QL26VbEtVI5rkXp8Nr4I4pjEoHK4rA7RgD6pg==
via: 1.1 8bbec5871de1c2a41003db8fbeafebf8.cloudfront.net (CloudFront)

GET
H/1.1 200
OK Cookie set datacenter-attack.html
resources.trendmicro.com/ 12 KB
12 KB 325ms
325ms Image
text/html 199.15.212.64
MARKETO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://resources.trendmicro.com/datacenter-attack.html

Requested by

Host: resources.trendmicro.com
URL: https://resources.trendmicro.com/datacenter-attack.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

199.15.212.64 San Mateo, United States, ASN53580 (MARKETO - MARKETO, Inc., US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: resources.trendmicro.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://resources.trendmicro.com/datacenter-attack.html
Cookie: _vwo_uuid_v2=DDBDDF1AB710C5A064924DF74DFDC7F26|2e85252eeaab19e0e9932c4c932c281a; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _vwo_uuid=DDBDDF1AB710C5A064924DF74DFDC7F26; _vwo_ds=3%3Aa_0%2Ct_0%3A0%241548187499%3A11.49058419%3A%3A%3A69_0
Connection: keep-alive
Cache-Control: no-cache
Referer: https://resources.trendmicro.com/datacenter-attack.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 22 Jan 2019 20:05:02 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: nginx
Vary: *,Accept-Encoding
P3p: CP="CAO CURa ADMa DEVa TAIa OUR IND UNI COM NAV INT"
Connection: keep-alive
Set-Cookie: BIGipServerab08web-nginx-app_https=!KxHslVZCwEpCgxO5yiPNdgcigIaMSdFzspEq9gGH0sPo8QJ62kC1NUMFK0So7B8yOnhbGjokLIJQ5vc=; path=/; Httponly; Secure
Content-Type: text/html; charset=utf-8
Content-Length: 5640

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/154/ 8 KB
4 KB 10ms
9ms Script
application/x-javascript 184.31.84.223
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/154/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net//munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.31.84.223 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a184-31-84-223.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 9298a280eda6b54290d3c69fda3ae7da0cec1a0169d01d4e5944af63d68939d5

Request headers

Referer: https://resources.trendmicro.com/datacenter-attack.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 22 Jan 2019 20:05:02 GMT
Content-Encoding: gzip
Last-Modified: Fri, 18 May 2018 02:45:27 GMT
Server: Apache
ETag: "808fc844032f646c32adce24553838be:1526611527"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 3700
Expires: Thu, 02 May 2019 20:05:02 GMT

GET
H/1.1 200
OK visitWebPage Show response
945-cxd-062.mktoresp.com/webevents/ 2 B
272 B 95ms
95ms XHR
text/plain 192.28.144.124
MARKETO

General

Check archive.org

Show headers Download Go to

Full URL: https://945-cxd-062.mktoresp.com/webevents/visitWebPage?_mchNc=1548187502170&_mchCn=datacenter-attack&_mchId=945-CXD-062&_mchTk=_mch-trendmicro.com-1548187502169-17840&mkt_tok=eyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9&_mchWs=j1RR&_mchHo=resources.trendmicro.com&_mchPo=&_mchRu=%2Fdatacenter-attack.html&_mchPc=https%3A&_mchVr=154&_mchHa=&_mchRe=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack.html%3Fcm_mmc%3DXGen-_-Corp-_-Email-_-NT%26mkt_tok%3DeyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9&_mchQp=
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/154/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 192.28.144.124 San Mateo, United States, ASN53580 (MARKETO - MARKETO, Inc., US),
Reverse DNS
Software: spray-can/1.3.3 /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://resources.trendmicro.com/datacenter-attack.html
Origin: https://resources.trendmicro.com

Response headers

Access-Control-Allow-Origin: *
Date: Tue, 22 Jan 2019 20:05:02 GMT
Content-Encoding: gzip
Server: spray-can/1.3.3
Content-Length: 22
X-Request-Id: 22800148-3a52-4a8a-bc59-8e78e4ea1ab4
Content-Type: text/plain; charset=UTF-8

GET
H2 200 utag.481.js Show response
tags.tiqcdn.com/utag/trendmicro/global/prod/ 2 KB
1 KB 104ms
103ms Script
application/x-javascript 104.111.215.136
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/global/prod/utag.481.js?utv=201709291538
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/global/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.136 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-215-136.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 6b0f86dc2012cd1db336eeae9dd9d7ec21c938ba4a1d94fe1ad8516fe3d86450

Request headers

Referer: https://resources.trendmicro.com/datacenter-attack.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 20:05:02 GMT
content-encoding: gzip
last-modified: Wed, 25 May 2016 18:48:32 GMT
server: Apache
etag: "0c200dab85f3daddf78d3d7133b88438:1464202112"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 1006
expires: Wed, 06 Feb 2019 20:05:02 GMT

GET
H2 200 utag.453.js Show response
tags.tiqcdn.com/utag/trendmicro/global/prod/ 2 KB
1 KB 103ms
102ms Script
application/x-javascript 104.111.215.136
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/global/prod/utag.453.js?utv=201511102121
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/global/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.136 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-215-136.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 9f6d9285c22eab0774a4cc668d53531d390298f7f2fad41fd5b50785fcd8cea6

Request headers

Referer: https://resources.trendmicro.com/datacenter-attack.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 20:05:02 GMT
content-encoding: gzip
last-modified: Tue, 10 Nov 2015 21:21:23 GMT
server: Apache
etag: "d8de9fbd703d1a54a2471b9d9297e584:1447190483"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 903
expires: Wed, 06 Feb 2019 20:05:02 GMT

GET
H2 200 utag.6.js Show response
tags.tiqcdn.com/utag/trendmicro/global/prod/ 21 KB
5 KB 26ms
25ms Script
application/x-javascript 104.111.215.136
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/global/prod/utag.6.js?utv=201804162024
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/global/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.136 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-215-136.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 71edfb4f27d76ad49413198092edf4329cab5595999f41e6bf2e520ff7abb9b7

Request headers

Referer: https://resources.trendmicro.com/datacenter-attack.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 20:05:02 GMT
content-encoding: gzip
last-modified: Mon, 16 Apr 2018 20:25:03 GMT
server: Apache
etag: "a9535861bd744caa32e0968542da529c:1523910303"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 4641
expires: Wed, 06 Feb 2019 20:05:02 GMT

GET
H2 200 utag.8.js Show response
tags.tiqcdn.com/utag/trendmicro/global/prod/ 4 KB
2 KB 25ms
25ms Script
application/x-javascript 104.111.215.136
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/global/prod/utag.8.js?utv=201510280422
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/global/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.136 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-215-136.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 51c7f2c85af5092a6da71587531dae2b13be5c94d33538fca4dc5527fb1eb2eb

Request headers

Referer: https://resources.trendmicro.com/datacenter-attack.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 20:05:02 GMT
content-encoding: gzip
last-modified: Thu, 16 Apr 2015 13:34:01 GMT
server: Apache
etag: "d0872c37b448798cb3518d8a3a39f7a9:1429191241"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 1524
expires: Wed, 06 Feb 2019 20:05:02 GMT

GET
H2 200 utag.13.js Show response
tags.tiqcdn.com/utag/trendmicro/global/prod/ 2 KB
1 KB 24ms
23ms Script
application/x-javascript 104.111.215.136
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/global/prod/utag.13.js?utv=201510280422
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/global/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.136 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-215-136.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b786898dde4af5d498600a810b5641065a237a1fd9be693ac939ba0e3de325fc

Request headers

Referer: https://resources.trendmicro.com/datacenter-attack.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 20:05:02 GMT
content-encoding: gzip
last-modified: Mon, 30 Mar 2015 14:31:21 GMT
server: Apache
etag: "ae877ccbc2b86f64ba4d8ad545bbd1ab:1427725881"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 1023
expires: Wed, 06 Feb 2019 20:05:02 GMT

GET
H2 200 utag.404.js Show response
tags.tiqcdn.com/utag/trendmicro/global/prod/ 20 KB
5 KB 26ms
26ms Script
application/x-javascript 104.111.215.136
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/global/prod/utag.404.js?utv=201808202016
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/global/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.136 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-215-136.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: c751f71e19f3efcbb5e6a9a6bfe857d5179381c36baa951d03414899d1ac6e1e

Request headers

Referer: https://resources.trendmicro.com/datacenter-attack.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 20:05:02 GMT
content-encoding: gzip
last-modified: Thu, 16 Aug 2018 16:27:50 GMT
server: Apache
etag: "b628581d2c00dba05a66621f8cb70ab2:1534436870"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 5010
expires: Wed, 06 Feb 2019 20:05:02 GMT

GET
H2 200 utag.406.js Show response
tags.tiqcdn.com/utag/trendmicro/global/prod/ 4 KB
2 KB 29ms
29ms Script
application/x-javascript 104.111.215.136
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/global/prod/utag.406.js?utv=201510280422
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/global/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.136 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-215-136.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: d6d3ac66c5667ea65779280694b4957869f5bdd7ba441deac9a0abaa26a86933

Request headers

Referer: https://resources.trendmicro.com/datacenter-attack.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 20:05:02 GMT
content-encoding: gzip
last-modified: Tue, 04 Aug 2015 09:27:45 GMT
server: Apache
etag: "1159c2af66546cc9a1bddf82ee7bba9e:1438680465"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 1678
expires: Wed, 06 Feb 2019 20:05:02 GMT

GET
H2 200 utag.495.js Show response
tags.tiqcdn.com/utag/trendmicro/global/prod/ 3 KB
2 KB 29ms
27ms Script
application/x-javascript 104.111.215.136
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/global/prod/utag.495.js?utv=201608182343
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/global/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.136 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-215-136.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 51b1a8fda4b47649f2860442eb7129f800d551d1ce0b99c001892a16592487a4

Request headers

Referer: https://resources.trendmicro.com/datacenter-attack.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 20:05:02 GMT
content-encoding: gzip
last-modified: Thu, 18 Aug 2016 23:43:33 GMT
server: Apache
etag: "9f40c80baf8f85eb9815806fbff5882a:1471563813"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 1458
expires: Wed, 06 Feb 2019 20:05:02 GMT

GET
H2 401 ip.json Show response
api.company-target.com/api/v2/ 12 B
498 B 135ms
92ms XHR
text/plain 13.32.223.153

General

Check archive.org

Show headers Download Go to

Full URL

https://api.company-target.com/api/v2/ip.json?referrer=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack.html%3Fcm_mmc%3DXGen-_-Corp-_-Email-_-NT%26mkt_tok%3DeyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9&page=https%3A%2F%2Fresources.trendmicro.com%2Fdatacenter-attack.html&page_title=Trend%20Micro%20Data%20Center%20Attack%20The%20Game&key=eba779c7f412763af5d9e811908ab2274b78f024&src=tag

Requested by

Host: scripts.demandbase.com
URL: https://scripts.demandbase.com/QsKe96BJ.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.32.223.153 Seattle, United States, ASN (),

Reverse DNS

server-13-32-223-153.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

d089c8a9fc28e4e50223eb38c9409e362521be9380a37341304fbac7a4cd9e5f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://resources.trendmicro.com/datacenter-attack.html
Origin: https://resources.trendmicro.com

Response headers

date: Tue, 22 Jan 2019 20:05:02 GMT
via: 1.1 a84a4d90dd581e1a1c18e1bf5992b931.cloudfront.net (CloudFront)
www-authenticate: DemandBase API v2
x-cache: Error from cloudfront
status: 401
request-id: 710990d6-ccbc-4858-8001-406d3f067718
vary: Origin
content-length: 12
server: nginx
access-control-max-age: 1728000
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/plain;charset=utf-8
access-control-allow-origin: https://resources.trendmicro.com
access-control-expose-headers
access-control-allow-credentials: true
x-amz-cf-id: Gxi67KTmHMj7WB7xeScrp-e8RwmGP0k8Usa7oDaAfAs9QPM4JuraRA==
x-content-type-options: nosniff

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 10ms
9ms Script
application/x-javascript 184.31.84.223
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/global/prod/utag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.31.84.223 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a184-31-84-223.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 82bbf4a0f25757d1c9b9f18672eabf510965e4873e9d989a407823eac0d99259

Request headers

Referer: https://resources.trendmicro.com/datacenter-attack.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 22 Jan 2019 20:05:02 GMT
Content-Encoding: gzip
Last-Modified: Tue, 12 Jun 2018 01:36:41 GMT
Server: Apache
ETag: "8a1ad47bd9401d0c4cde2aab48eeb571:1528767401"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 752

GET
H/1.1 503
Service Unavailable ActivityServer.bs
bs.serving-sys.com/Serving/ Frame 402A 0
0 519ms
163ms Document
text/html 80.252.91.52

General

Check archive.org

Show headers Download Go to

Full URL: https://bs.serving-sys.com/Serving/ActivityServer.bs?cn=as&ActivityID=428109&rnd=330817
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/global/prod/utag.8.js?utv=201510280422
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 80.252.91.52 Leerdam, Netherlands, ASN (),
Reverse DNS
Software: Microsoft-HTTPAPI/2.0 /
Resource Hash

Request headers

Host: bs.serving-sys.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: https://resources.trendmicro.com/datacenter-attack.html
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://resources.trendmicro.com/datacenter-attack.html

Response headers

Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Tue, 22 Jan 2019 20:05:01 GMT
Connection: close
Content-Length: 326

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 43 KB
17 KB 15ms
14ms Script
text/javascript 2a00:1450:4016:807::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/global/prod/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4016:807::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

b688a3bcd1297cc0fe08e6e52fea14ba9108ee4b9a2052c03e7bac6e19347255

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://resources.trendmicro.com/datacenter-attack.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 05 Nov 2018 21:10:09 GMT
server: Golfe2
age: 1139
date: Tue, 22 Jan 2019 19:46:03 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 17404
expires: Tue, 22 Jan 2019 21:46:03 GMT

GET
H/1.1 200
OK eluminate.js Show response
libs.coremetrics.com/ 156 KB
43 KB 17ms
16ms Script
application/x-javascript 184.31.90.101
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://libs.coremetrics.com/eluminate.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/global/prod/utag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.31.90.101 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a184-31-90-101.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: d56485dbbc5b55b37f96b65ac0d5245e77cf51c094d827348f2243948f2feeca

Request headers

Referer: https://resources.trendmicro.com/datacenter-attack.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 22 Jan 2019 20:05:02 GMT
Content-Encoding: gzip
Last-Modified: Tue, 13 Nov 2018 20:52:22 GMT
Server: Apache
ETag: "648ad45a24b4d2c2a79a92505d2ecc8f:1542142342"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43582

GET
H/1.1 200
OK i.js Show response
datacloud.tealiumiq.com/trendmicro/main/16/ 33 B
752 B 83ms
18ms Script
application/javascript 35.156.95.17

General

Check archive.org

Show headers Download Go to

Full URL: https://datacloud.tealiumiq.com/trendmicro/main/16/i.js?jsonp=utag.ut.getvisitorid&cb=7152562313418653
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/global/prod/utag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.156.95.17 Frankfurt, Germany, ASN (),
Reverse DNS: ec2-35-156-95-17.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 1bf3c2bc7a61528d088ad564a9ce1138491498bffc1988c38051be666b6e0c3c

Request headers

Referer: https://resources.trendmicro.com/datacenter-attack.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 22 Jan 2019 20:05:02 GMT
X-ServerID: uconnect_i-004ceae1587fbca4d
X-tid: eb75eaeeeb004a2a8f056d01fc608746
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR ADM DEV OUR BUS"
X-acc: trendmicro:main:16:datacloud
Cache-Control: no-transform,private,no-cache,no-store,max-age=0,s-maxage=0
X-Region: eu-central-1
Connection: keep-alive
Content-Type: application/javascript
X-ULVer: 1.0.230
Content-Length: 33
X-UUID: eb75eaee-eb00-4a2a-8f05-6d01fc608746
Expires: Tue, 22 Jan 2019 20:05:02 GMT

GET
H2 200 ec.js Show response
www.google-analytics.com/plugins/ua/ 3 KB
1 KB 16ms
16ms Script
text/javascript 2a00:1450:4016:807::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/ec.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4016:807::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://resources.trendmicro.com/datacenter-attack.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 19:55:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 21 Apr 2016 03:17:22 GMT
server: sffe
age: 586
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=3600
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 1296
x-xss-protection: 1; mode=block
expires: Tue, 22 Jan 2019 20:55:16 GMT

GET
H2 200 linkid.js Show response
www.google-analytics.com/plugins/ua/ 2 KB
922 B 16ms
15ms Script
text/javascript 2a00:1450:4016:807::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/linkid.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4016:807::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://resources.trendmicro.com/datacenter-attack.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 19:40:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 21 Apr 2016 03:17:22 GMT
server: sffe
age: 1449
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=3600
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 856
x-xss-protection: 1; mode=block
expires: Tue, 22 Jan 2019 20:40:53 GMT

GET
H/1.1 200
OK Cookie set revenuepulse-lib-v3.js Show response
resources.trendmicro.com/rs/945-CXD-062/images/ 2 KB
1 KB 283ms
93ms Script
application/x-javascript 199.15.212.64
MARKETO

General

Check archive.org

Show headers Download Go to

Full URL

https://resources.trendmicro.com/rs/945-CXD-062/images/revenuepulse-lib-v3.js

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/global/prod/utag.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

199.15.212.64 San Mateo, United States, ASN53580 (MARKETO - MARKETO, Inc., US),

Reverse DNS

Software

nginx /

Resource Hash

d8366292b6413e815888abbc34c7800df0b1d8101bff22e1f3ca1f34170a73b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: resources.trendmicro.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: https://resources.trendmicro.com/datacenter-attack.html
Cookie: _vwo_uuid_v2=DDBDDF1AB710C5A064924DF74DFDC7F26|2e85252eeaab19e0e9932c4c932c281a; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _vwo_uuid=DDBDDF1AB710C5A064924DF74DFDC7F26; _vwo_ds=3%3Aa_0%2Ct_0%3A0%241548187499%3A11.49058419%3A%3A%3A69_0; _mkto_trk=id:945-CXD-062&token:_mch-trendmicro.com-1548187502169-17840; db_sampling_40=DB; utag_main=v_id:0168772a866600204ed9d03c0ec400078003707000b08$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1548189302182$ses_id:1548187502182%3Bexp-session; _ga=GA1.2.331506914.1548187502; _gid=GA1.2.187691469.1548187502
Connection: keep-alive
Cache-Control: no-cache
Referer: https://resources.trendmicro.com/datacenter-attack.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 22 Jan 2019 20:05:02 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Tue, 22 Jan 2019 07:10:47 GMT
Server: nginx
ETag: "4e1ded-6f3-58006ad36e2ae"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Connection: keep-alive
Set-Cookie: BIGipServerab08web-nginx-app_https=!MwI8SgUYOTasjXa5yiPNdgcigIaMSQGUVF8BtCsN6dawMSBTVal00pvbjxd/0YljjDvetx/zxaKNEeQ=; path=/; Httponly; Secure
Accept-Ranges: bytes
Content-Length: 695

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j72&a=679999585&t=pageview&_s=1&dl=https%3A%2F%2Fresources.trendmicro.com%2Fdatacenter-attack.html&dr=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fbu...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-44592531-1&cid=331506914.1548187502&jid=1364511724&_gid=187691469.1548187502&gjid=1726768190&_v=j72&z=1877071253
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-44592531-1&cid=331506914.1548187502&jid=1364511724&_v=j72&z=1877071253
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-44592531-1&cid=331506914.1548187502&jid=1364511724&_v=j72&z=1877071253&slf_rd=1&random=3192934332

42 B
109 B

17ms
16ms

Image
image/gif

2a00:1450:4001:820::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-44592531-1&cid=331506914.1548187502&jid=1364511724&_v=j72&z=1877071253&slf_rd=1&random=3192934332

Requested by

Host: resources.trendmicro.com
URL: https://resources.trendmicro.com/datacenter-attack.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:820::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://resources.trendmicro.com/datacenter-attack.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 22 Jan 2019 20:05:02 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 42
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 22 Jan 2019 20:05:02 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-44592531-1&cid=331506914.1548187502&jid=1364511724&_v=j72&z=1877071253&slf_rd=1&random=3192934332
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 114 KB
32 KB 23ms
23ms Script
application/javascript 2a00:1450:4001:808::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TXGNM2&l=dataLayer

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/global/prod/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:808::2008 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager (scaffolding) /

Resource Hash

9646077bb23fab97390acdb6e3e7388d7bb8cee5a477dfe470600c5c16e2ae68

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://resources.trendmicro.com/datacenter-attack.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 20:05:02 GMT
content-encoding: gzip
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
server: Google Tag Manager (scaffolding)
access-control-allow-origin: http://www.googletagmanager.com
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
status: 200
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-length: 32442
x-xss-protection: 1; mode=block
expires: Tue, 22 Jan 2019 20:05:02 GMT

GET
H/1.1 200
OK cmcustom.js Show response
corelib.trendmicro.com/common/coremetrics/ 4 KB
4 KB 23ms
23ms Script
application/x-javascript 23.54.113.142
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://corelib.trendmicro.com/common/coremetrics/cmcustom.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/global/prod/utag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.54.113.142 Cambridge, United States, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-54-113-142.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: dd8351b90c28cd9a5295e1b9c8321ed472813a995104156052ebf61b3d0889d0

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: corelib.trendmicro.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: https://resources.trendmicro.com/datacenter-attack.html
Cookie: _vwo_uuid_v2=DDBDDF1AB710C5A064924DF74DFDC7F26|2e85252eeaab19e0e9932c4c932c281a; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _vwo_uuid=DDBDDF1AB710C5A064924DF74DFDC7F26; _vwo_ds=3%3Aa_0%2Ct_0%3A0%241548187499%3A11.49058419%3A%3A%3A69_0; _mkto_trk=id:945-CXD-062&token:_mch-trendmicro.com-1548187502169-17840; utag_main=v_id:0168772a866600204ed9d03c0ec400078003707000b08$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1548189302182$ses_id:1548187502182%3Bexp-session; _ga=GA1.2.331506914.1548187502; _gid=GA1.2.187691469.1548187502; _gat_tealium_0=1
Connection: keep-alive
Cache-Control: no-cache
Referer: https://resources.trendmicro.com/datacenter-attack.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 22 Jan 2019 20:05:02 GMT
Last-Modified: Fri, 13 Dec 2013 03:35:06 GMT
Server: Apache
ETag: "1bc3a6-e97-4ed6225f16e80"
Content-Type: application/x-javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3735

GET
H2 200 utag.v.js Show response
tags.tiqcdn.com/utag/tiqapp/ 2 B
195 B 25ms
25ms Script
application/x-javascript 104.111.215.136
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=trendmicro/global/201901101717&cb=1548187502321
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/global/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.136 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-215-136.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

Referer: https://resources.trendmicro.com/datacenter-attack.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 22 Jan 2019 20:05:02 GMT
last-modified: Thu, 14 Apr 2016 16:57:51 GMT
server: Apache
etag: "7bc0ee636b3b83484fc3b9348863bd22:1460653071"
content-type: application/x-javascript
status: 200
cache-control: max-age=600
accept-ranges: bytes
content-length: 2
expires: Tue, 22 Jan 2019 20:15:02 GMT

GET
H/1.1 200
OK i.gif
datacloud.tealiumiq.com/trendmicro/main/16/ 43 B
957 B 12ms
11ms Image
image/gif 35.156.95.17

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://datacloud.tealiumiq.com/trendmicro/main/16/i.gif?t3=0168772a866600204ed9d03c0ec400078003707000b08&t4=1548187502182&cb=0.12057416964053957
Requested by: Host: resources.trendmicro.com
URL: https://resources.trendmicro.com/datacenter-attack.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.156.95.17 Frankfurt, Germany, ASN (),
Reverse DNS: ec2-35-156-95-17.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://resources.trendmicro.com/datacenter-attack.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 22 Jan 2019 20:05:02 GMT
X-ServerID: uconnect_i-00f6b271d83901404
X-tid: eb75eaeeeb004a2a8f056d01fc608746
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR ADM DEV OUR BUS"
X-acc: trendmicro:main:16:datacloud
Cache-Control: no-transform,private,no-cache,no-store,max-age=0,s-maxage=0
X-Region: eu-central-1
Connection: keep-alive
Content-Type: image/gif
X-ULVer: 1.0.230
Content-Length: 43
X-UUID: d71c4223-e9e5-4951-a9cd-b599b0a146ac
Expires: Tue, 22 Jan 2019 20:05:02 GMT

GET
H/1.1 200
OK 90369712.js Show response
libs.coremetrics.com/configs/ 85 B
410 B 11ms
10ms Script
application/x-javascript 184.31.90.101
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://libs.coremetrics.com/configs/90369712.js
Requested by: Host: libs.coremetrics.com
URL: https://libs.coremetrics.com/eluminate.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.31.90.101 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a184-31-90-101.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b568b1f531806b127ff051bc59e3675d9ca4c16c979107266cf505390c36dba5

Request headers

Referer: https://resources.trendmicro.com/datacenter-attack.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 22 Jan 2019 20:05:02 GMT
Content-Encoding: gzip
Last-Modified: Wed, 15 Aug 2012 23:40:49 GMT
Server: Apache
ETag: "5db5448f69bdbbbe387a460de2443a8b:1345074414"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 86

GET
H/1.1 200
OK cookie-id.js Show response
analytics.trendmicro.com/ 57 B
332 B 100ms
99ms Script
application/x-javascript 199.255.32.6
SoftLayer Technol...

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.trendmicro.com/cookie-id.js?fn=eluminate9498
Requested by: Host: libs.coremetrics.com
URL: https://libs.coremetrics.com/eluminate.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 199.255.32.6 Durham, United States, ASN36351 (SOFTLAYER - SoftLayer Technologies Inc., US),
Reverse DNS: 199.255.32.6.reverse.coremetrics.com
Software: Apache /
Resource Hash: 0a2a0b3dbfb721376647cce3308af494605595b624b8c9a1a4b60a2af5bd5ed1

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: analytics.trendmicro.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: https://resources.trendmicro.com/datacenter-attack.html
Cookie: _vwo_uuid_v2=DDBDDF1AB710C5A064924DF74DFDC7F26|2e85252eeaab19e0e9932c4c932c281a; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _vwo_uuid=DDBDDF1AB710C5A064924DF74DFDC7F26; _vwo_ds=3%3Aa_0%2Ct_0%3A0%241548187499%3A11.49058419%3A%3A%3A69_0; _mkto_trk=id:945-CXD-062&token:_mch-trendmicro.com-1548187502169-17840; _ga=GA1.2.331506914.1548187502; _gid=GA1.2.187691469.1548187502; _gat_tealium_0=1; utag_main=v_id:0168772a866600204ed9d03c0ec400078003707000b08$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1548189302362$ses_id:1548187502182%3Bexp-session
Connection: keep-alive
Cache-Control: no-cache
Referer: https://resources.trendmicro.com/datacenter-attack.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 22 Jan 2019 20:05:02 GMT
Server: Apache
Connection: Keep-Alive
P3P: CP="NON DSP COR CUR ADMo DEVo PSAo PSDo OUR IND ONL UNI PUR COM NAV INT DEM STA"
Keep-Alive: timeout=300, max=4
Content-Length: 57
Content-Type: application/x-javascript

GET
H/1.1

200
OK

Cookie set cm
analytics.trendmicro.com/
Redirect Chain

https://analytics.trendmicro.com/cm?ci=90369712&st=1548187502312&vn1=4.22.118&ec=utf-8&vn2=e4.0&pi=Trend%20Micro%20Data%20Center%20Attack%20The%20Game&rf=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2F...
https://analytics.trendmicro.com/cm?ci=90369712&st=1548187502312&vn1=4.22.118&ec=utf-8&vn2=e4.0&pi=Trend%20Micro%20Data%20Center%20Attack%20The%20Game&rf=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2F...

43 B
604 B

102ms
99ms

Image
image/gif

199.255.32.6
SoftLayer Technol...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://analytics.trendmicro.com/cm?ci=90369712&st=1548187502312&vn1=4.22.118&ec=utf-8&vn2=e4.0&pi=Trend%20Micro%20Data%20Center%20Attack%20The%20Game&rf=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack.html%3Fcm_mmc%3DXGen-_-Corp-_-Email-_-NT%26mkt_tok%3DeyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9&ul=https%3A%2F%2Fresources.trendmicro.com%2Fdatacenter-attack.html&tid=6&cg=MARKETO%2F&rnd=1548195072541&pc=Y&jv=1.8.5&je=n&sw=1600&sh=1200&pd=24&tz=0&pv_a20=id%3A945-CXD-062%26token%3A_mch-trendmicro.com-1548187502169-17840&cvdone=p
Requested by: Host: resources.trendmicro.com
URL: https://resources.trendmicro.com/datacenter-attack.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 199.255.32.6 Durham, United States, ASN36351 (SOFTLAYER - SoftLayer Technologies Inc., US),
Reverse DNS: 199.255.32.6.reverse.coremetrics.com
Software: Apache /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: analytics.trendmicro.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://resources.trendmicro.com/datacenter-attack.html
Cookie: _vwo_uuid_v2=DDBDDF1AB710C5A064924DF74DFDC7F26|2e85252eeaab19e0e9932c4c932c281a; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _vwo_uuid=DDBDDF1AB710C5A064924DF74DFDC7F26; _vwo_ds=3%3Aa_0%2Ct_0%3A0%241548187499%3A11.49058419%3A%3A%3A69_0; _mkto_trk=id:945-CXD-062&token:_mch-trendmicro.com-1548187502169-17840; _ga=GA1.2.331506914.1548187502; _gid=GA1.2.187691469.1548187502; _gat_tealium_0=1; utag_main=v_id:0168772a866600204ed9d03c0ec400078003707000b08$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1548189302362$ses_id:1548187502182%3Bexp-session; _gcl_au=1.1.2081214076.1548187502; CoreID6=81071548187502319267646; TestSess3=81071548187502319267646
Connection: keep-alive
Cache-Control: no-cache
Referer: https://resources.trendmicro.com/datacenter-attack.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 22 Jan 2019 20:05:02 GMT
Server: Apache
P3P: CP="NON DSP COR CUR ADMo DEVo PSAo PSDo OUR IND ONL UNI PUR COM NAV INT DEM STA"
Set-Cookie: 90369712_login=1548187502339364165790369712; path=/ 90369712_reset=1548187502;path=/
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, pre-check=0, post-check=0, private
Connection: Keep-Alive
Content-Type: image/gif
Keep-Alive: timeout=300, max=90
Content-Length: 43
Expires: Mon, 21 Jan 2019 20:05:02 GMT

Redirect headers

Date: Tue, 22 Jan 2019 20:05:02 GMT
Server: Apache
P3P: CP="NON DSP COR CUR ADMo DEVo PSAo PSDo OUR IND ONL UNI PUR COM NAV INT DEM STA"
Location: /cm?ci=90369712&st=1548187502312&vn1=4.22.118&ec=utf-8&vn2=e4.0&pi=Trend%20Micro%20Data%20Center%20Attack%20The%20Game&rf=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack.html%3Fcm_mmc%3DXGen-_-Corp-_-Email-_-NT%26mkt_tok%3DeyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9&ul=https%3A%2F%2Fresources.trendmicro.com%2Fdatacenter-attack.html&tid=6&cg=MARKETO%2F&rnd=1548195072541&pc=Y&jv=1.8.5&je=n&sw=1600&sh=1200&pd=24&tz=0&pv_a20=id%3A945-CXD-062%26token%3A_mch-trendmicro.com-1548187502169-17840&cvdone=p
Connection: Keep-Alive
Set-Cookie: CoreID6=81071548187502319267646; path=/; expires=Sat, 21 Jan 2034 20:05:02 GMT TestSess3=81071548187502319267646;path=/
Keep-Alive: timeout=300, max=12
Content-Length: 0

GET
H/1.1 200
OK cookie-id.js Show response
data.cmcore.com/ 49 B
325 B 134ms
132ms Script
application/x-javascript 199.255.34.44
SoftLayer Technol...

General

Check archive.org

Show headers Download Go to

Full URL: https://data.cmcore.com/cookie-id.js?fn=cmSetAvid
Requested by: Host: libs.coremetrics.com
URL: https://libs.coremetrics.com/eluminate.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 199.255.34.44 Durham, United States, ASN36351 (SOFTLAYER - SoftLayer Technologies Inc., US),
Reverse DNS
Software: Apache /
Resource Hash: 0c565577941b3ab40a246b32517e8edced36c7d480d65bd9b1299e7c01fc2176

Request headers

Referer: https://resources.trendmicro.com/datacenter-attack.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 22 Jan 2019 20:05:02 GMT
Server: Apache
Connection: Keep-Alive
Content-Type: application/x-javascript
Keep-Alive: timeout=300, max=30
Content-Length: 49
P3P: CP="NON DSP COR CUR ADMo DEVo PSAo PSDo OUR IND ONL UNI PUR COM NAV INT DEM STA"

GET
H2

200

activityi;dc_pre=CMSfgfGXguACFQEq4AodasYM2w;src=5427711;type=remar0;cat=allsi0;ord=1;num=9096336249506;gtm=2wg170;auiddc=2081214076.1548187502;u1=%2Fdatacenter-attack.html;~oref=https%3A%2F%2Fresou...
5427711.fls.doubleclick.net/ Frame D33C
Redirect Chain

https://5427711.fls.doubleclick.net/activityi;src=5427711;type=remar0;cat=allsi0;ord=1;num=9096336249506;gtm=2wg170;auiddc=2081214076.1548187502;u1=%2Fdatacenter-attack.html;~oref=https%3A%2F%2Fres...
https://5427711.fls.doubleclick.net/activityi;dc_pre=CMSfgfGXguACFQEq4AodasYM2w;src=5427711;type=remar0;cat=allsi0;ord=1;num=9096336249506;gtm=2wg170;auiddc=2081214076.1548187502;u1=%2Fdatacenter-a...

0
0

57ms
56ms

Document
text/html

172.217.16.166
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://5427711.fls.doubleclick.net/activityi;dc_pre=CMSfgfGXguACFQEq4AodasYM2w;src=5427711;type=remar0;cat=allsi0;ord=1;num=9096336249506;gtm=2wg170;auiddc=2081214076.1548187502;u1=%2Fdatacenter-attack.html;~oref=https%3A%2F%2Fresources.trendmicro.com%2Fdatacenter-attack.html?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TXGNM2&l=dataLayer

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

172.217.16.166 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s11-in-f166.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: 5427711.fls.doubleclick.net
:scheme: https
:path: /activityi;dc_pre=CMSfgfGXguACFQEq4AodasYM2w;src=5427711;type=remar0;cat=allsi0;ord=1;num=9096336249506;gtm=2wg170;auiddc=2081214076.1548187502;u1=%2Fdatacenter-attack.html;~oref=https%3A%2F%2Fresources.trendmicro.com%2Fdatacenter-attack.html?
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer: https://resources.trendmicro.com/datacenter-attack.html
accept-encoding: gzip, deflate, br
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://resources.trendmicro.com/datacenter-attack.html

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
date: Tue, 22 Jan 2019 20:05:02 GMT
expires: Tue, 22 Jan 2019 20:05:02 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 359
x-xss-protection: 1; mode=block
set-cookie: IDE=AHWqTUmKlB3wVYA_-VVawnZtORCZIvivd9Gi5tebfuqg4AAHBxvSO56Z3KCNJh-n; expires=Sun, 16-Feb-2020 20:05:02 GMT; path=/; domain=.doubleclick.net; HttpOnly test_cookie=; domain=.doubleclick.net; path=/; expires=Mon, 21 Jul 2008 23:59:00 GMT
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"

Redirect headers

status: 302
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
date: Tue, 22 Jan 2019 20:05:02 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://5427711.fls.doubleclick.net/activityi;dc_pre=CMSfgfGXguACFQEq4AodasYM2w;src=5427711;type=remar0;cat=allsi0;ord=1;num=9096336249506;gtm=2wg170;auiddc=2081214076.1548187502;u1=%2Fdatacenter-attack.html;~oref=https%3A%2F%2Fresources.trendmicro.com%2Fdatacenter-attack.html?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 1; mode=block
set-cookie: test_cookie=CheckForPermission; expires=Tue, 22-Jan-2019 20:20:02 GMT; path=/; domain=.doubleclick.net
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"

GET
H/1.1

200
OK

Cookie set cm
analytics.trendmicro.com/
Redirect Chain

https://analytics.trendmicro.com/cm?tid=14&ci=90369712&vn2=e4.0&st=1548187502312&vn1=4.22.118&ec=utf-8&cid=MARKETO%20-%20Trend%20Micro%20Data%20Center%20Attack%20The%20Game&cat=1&ccid=MARKETO&cpt=0...
https://analytics.trendmicro.com/cm?tid=14&ci=90369712&vn2=e4.0&st=1548187502312&vn1=4.22.118&ec=utf-8&cid=MARKETO%20-%20Trend%20Micro%20Data%20Center%20Attack%20The%20Game&cat=1&ccid=MARKETO&cpt=0...

43 B
539 B

100ms
99ms

Image
image/gif

199.255.32.6
SoftLayer Technol...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://analytics.trendmicro.com/cm?tid=14&ci=90369712&vn2=e4.0&st=1548187502312&vn1=4.22.118&ec=utf-8&cid=MARKETO%20-%20Trend%20Micro%20Data%20Center%20Attack%20The%20Game&cat=1&ccid=MARKETO&cpt=0&pi=Trend%20Micro%20Data%20Center%20Attack%20The%20Game&rnd=1548194835038&c_a6=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack.html%3Fcm_mmc%3DXGen&c_a7=Corp&c_a8=Email&c_a9=NT%26mkt_tok%3DeyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9&c_a10=id%3A945-CXD-062%26token%3A_mch-trendmicro.com-1548187502169-17840&ul=https%3A%2F%2Fresources.trendmicro.com%2Fdatacenter-attack.html&rf=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack.html%3Fcm_mmc%3DXGen-_-Corp-_-Email-_-NT%26mkt_tok%3DeyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9&cvdone=p
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 199.255.32.6 Durham, United States, ASN36351 (SOFTLAYER - SoftLayer Technologies Inc., US),
Reverse DNS: 199.255.32.6.reverse.coremetrics.com
Software: Apache /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: analytics.trendmicro.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://resources.trendmicro.com/datacenter-attack.html
Cookie: 90369712_login=1548187502339364165790369712; 90369712_reset=1548187502; CoreID6=81061548187502174285377; TestSess3=81061548187502174285377
Connection: keep-alive
Cache-Control: no-cache
Referer: https://resources.trendmicro.com/datacenter-attack.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 22 Jan 2019 20:05:02 GMT
Server: Apache
P3P: CP="NON DSP COR CUR ADMo DEVo PSAo PSDo OUR IND ONL UNI PUR COM NAV INT DEM STA"
Set-Cookie: 90369712_reset=1548187502;path=/
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, pre-check=0, post-check=0, private
Connection: Keep-Alive
Content-Type: image/gif
Keep-Alive: timeout=300, max=25
Content-Length: 43
Expires: Mon, 21 Jan 2019 20:05:02 GMT

Redirect headers

Date: Tue, 22 Jan 2019 20:05:02 GMT
Server: Apache
P3P: CP="NON DSP COR CUR ADMo DEVo PSAo PSDo OUR IND ONL UNI PUR COM NAV INT DEM STA"
Location: /cm?tid=14&ci=90369712&vn2=e4.0&st=1548187502312&vn1=4.22.118&ec=utf-8&cid=MARKETO%20-%20Trend%20Micro%20Data%20Center%20Attack%20The%20Game&cat=1&ccid=MARKETO&cpt=0&pi=Trend%20Micro%20Data%20Center%20Attack%20The%20Game&rnd=1548194835038&c_a6=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack.html%3Fcm_mmc%3DXGen&c_a7=Corp&c_a8=Email&c_a9=NT%26mkt_tok%3DeyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9&c_a10=id%3A945-CXD-062%26token%3A_mch-trendmicro.com-1548187502169-17840&ul=https%3A%2F%2Fresources.trendmicro.com%2Fdatacenter-attack.html&rf=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fbusiness%2Fcampaigns%2Fxgen-security%2Fresource-center%2Fransomware-attack.html%3Fcm_mmc%3DXGen-_-Corp-_-Email-_-NT%26mkt_tok%3DeyJpIjoiWkRSbE5UQXlNemN5WWpCaCIsInQiOiJocDVDc3NwYVFmT29QdEpnZzRUXC8rUnhXMVd6KzhtMFwvTk5XdmQ1QWlcL1F5NFV3TGV5ZHBEYWNpWFlPODVoNkJzaVdvUE1uZGlKaUxYajlwY0xpbENualhlRkNRN0x0TDJSKzduYzNmYVhMR1NXYXN0MmpnTHJXejM4aGZrSE55OCJ9&cvdone=p
Connection: Keep-Alive
Set-Cookie: CoreID6=81061548187502174285377; path=/; expires=Sat, 21 Jan 2034 20:05:02 GMT TestSess3=81061548187502174285377;path=/
Keep-Alive: timeout=300, max=40
Content-Length: 0

Verdicts & Comments Add Verdict or Comment

407 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

364bf52d.akstat.io
5427711.fls.doubleclick.net
945-cxd-062.mktoresp.com
accdn.lpsnmedia.net
ads.yahoo.com
analytics.trendmicro.com
analytics.twitter.com
api-public.addthis.com
api.company-target.com
bs.serving-sys.com
c.go-mpulse.net
cdnjs.cloudflare.com
cm.g.doubleclick.net
connect.facebook.net
corelib.trendmicro.com
customer.cludo.com
d.adroll.com
data.cmcore.com
datacloud.tealiumiq.com
dev.visualwebsiteoptimizer.com
dsum-sec.casalemedia.com
eb2.3lift.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
graph.facebook.com
ib.adnxs.com
idsync.rlcdn.com
libs.coremetrics.com
lpcdn.lpsnmedia.net
lptag.liveperson.net
m.addthisedge.com
maxcdn.bootstrapcdn.com
munchkin.marketo.net
pixel.advertising.com
pixel.quantserve.com
pixel.rubiconproject.com
placehold.it
px.ads.linkedin.com
resources.trendmicro.com
resources.xg4ken.com
rules.quantcount.com
s.adroll.com
s.ytimg.com
s3.amazonaws.com
s7.addthis.com
scripts.demandbase.com
secure.quantserve.com
simage2.pubmatic.com
sjs.bizographics.com
ssl.google-analytics.com
static.ads-twitter.com
stats.g.doubleclick.net
sync.outbrain.com
t.co
tags.tiqcdn.com
trc.taboola.com
us-u.openx.net
va.v.liveperson.net
vidassets.terminus.services
visit.trendmicro.com
web-analytics.engagio.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.linkedin.com
www.trendmicro.com
www.youtube.com
x.bidswitch.net
104.111.214.229
104.111.215.136
104.244.46.48
13.32.223.153
13.32.223.222
13.32.223.99
151.101.2.2
159.122.87.148
159.122.87.153
172.217.16.166
173.241.240.143
176.34.190.23
178.249.101.23
18.153.11.22
18.195.154.247
18.195.195.24
184.31.84.223
184.31.90.101
185.33.223.221
185.64.189.110
192.28.144.124
199.15.212.64
199.15.213.48
199.16.156.11
199.16.156.9
199.255.32.6
199.255.34.44
2.18.232.15
2.18.233.40
2.18.234.21
208.89.12.87
209.197.3.15
213.19.162.80
216.58.205.226
216.58.207.66
23.53.172.5
23.54.113.142
23.60.198.210
2600:3c00::f03c:91ff:fe60:d792
2600:9000:200d:9a00:6:44e3:f8c0:93a1
2606:4700:20::6818:4909
2606:4700::6813:c797
2620:109:c002::6cae:a0a
2620:109:c007:102::5be1:f885
2a00:1288:110:833::4000
2a00:1450:4001:808::2008
2a00:1450:4001:814::2008
2a00:1450:4001:816::200e
2a00:1450:4001:81a::2002
2a00:1450:4001:820::2003
2a00:1450:4001:820::200a
2a00:1450:4001:821::200e
2a00:1450:4001:824::2004
2a00:1450:4001:825::2003
2a00:1450:400c:c08::9c
2a00:1450:4016:807::200e
2a02:26f0:f1:28a::3adf
2a03:2880:f01c:800e:face:b00c:0:2
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a03:6400:10:0:178:249:97:98
2a03:6400:10:0:178:249:97:99
3.122.73.35
34.250.87.119
35.156.95.17
52.216.166.45
52.59.59.238
54.209.224.234
54.75.253.95
54.86.176.243
80.252.91.52
92.123.8.62
00ffdabc49c0235078ef2af42a26c309b720cfb0ed221b4e021d08427691ebbb
058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c
09c15ec54bf5d83dcebdee8fde14206d59dc302b7017d886ba43b60d6e06bca0
0a0537cc71579f823a3a6f0630eb9f537ee590b9893e6a3b2178a7c6baf5a529
0a2a0b3dbfb721376647cce3308af494605595b624b8c9a1a4b60a2af5bd5ed1
0c565577941b3ab40a246b32517e8edced36c7d480d65bd9b1299e7c01fc2176
0f33dbc60d6a20e7a3148a7be03fa6f3879795369bb1b38c0e97ae63e7db0d8c
1063ac942e93231a11a3ced6a6a4438e33d504b52c581ed12ee5f36c263fa6aa
109352aa292b4d29fbe877243c2a4924f3f559f6cee4b3245e05cbb18798d082
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
11e4bbc1b693180f808f5cf7efd686a3ce9fc7585dc1806185f7084424162173
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
1428ed3ac67c7d9ac3dd10aea5fcb7cc674849d7bd8b9601f7a924c0fc88a249
1466dd727108ff7ee3a33df8248b697678f3a7046530e98aec1b443f9e03c579
1683cc734667c1dfc51beef0720d8bc1d085ffc37ad67f0bf02d41ba25ef7551
179bace0273000f2f62b6195b3d04bd903c864344f23318a3a92a41e06628b1b
1b7a2a0b0d504e2eef6b0534ad18d0b338097db2d0d27c36045f988e8b6a4851
1bf3c2bc7a61528d088ad564a9ce1138491498bffc1988c38051be666b6e0c3c
1c0c3ded4bc24bbeaf3c728afd0e56ca95e44714285fca8d8f0edcaa471806c4
20eb4fda1ac2f303c06d61499c77af28192c8e69d3992275815ac711961bb069
235da1ee79811631e184d8e99dab2ae5195d476d1138f1f49a8645c53a1803fb
26fe279e4aaa2c173a087a2bd7b0b9ebbd4341a3532d652031e764e4fbe08a1b
27a9d5da522a9269ce5317f99cc458e95bcf4b13acb90fa0d6ee43910553f880
2baa08835c774cfef304fcfec7e727ae1f4f604127361ebf63d687acd0e464a0
2d3ce115a6a042047bb9bd696ce347faeb106e9227d3b321296548f623d9bef3
30cf55b9a533a5adf988d6aa18f8bbc82058d3d4a2f866f9b04db8ebbbc2ab1c
319949c8c08b86e9c35ea542c0dc0c30cedaa9b8d3d3c3327a36c91aefbd8af5
35a21333c81302e934ee42b7b85b2c6a731bfffb418fe52fe795cb1974186976
3902f7216a3560fb1463c20c27c0f3b0e4d97035978c61b92a7b1294954b47f9
3dc5d7f667c6a793c6a56b96afffa81664350fdb10c7544112ea9057e563dc6f
404a9b0ffbcc813e8ddbb8d8510a24a69c09079282f8083ee94f4adc5d627176
42db91df95e97941c8d6f5bc1dfddbe68dbcc2e0184faf5686e8e267ebadde29
430f36f9b5f21aae8cc9dca6a81c4d3d84da5175eaedcf2fdc2c226302cb3575
45f986225b824eeb00e6ce56f9126b935cfff2efbe3891df975ce9eead420e68
45fa177aa9a133dcdb27321bd62736c678a1f732e773fc32bf8f6344a4c9bd80
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b6ae1ffe9e6c6c48f898cc2e6cfd5aaa0e9e96c9ab8b83efa34a683ecbcf252
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e87d403169e5c9f9c706b28ff3c4c9fd9f30d3a4fd6c5e10298a0f56b0f3120
4fd08c67f3d0e5cf8e5652ac09cf46e1c22a7413baffe8966fa4a552119304dd
50dda9aac0fcea362bdda27ae7833240485ad5a20ccc105c1cd13ea26802a8bd
51b1a8fda4b47649f2860442eb7129f800d551d1ce0b99c001892a16592487a4
51c7f2c85af5092a6da71587531dae2b13be5c94d33538fca4dc5527fb1eb2eb
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
5531265ecdebe91ac3fdfd4841c1d32fd4bd9694507d6448fce0ad21a3faa137
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
578459f8ab219b96f7c3d3d0799841ae14894b07b2a2db5c8a518acb4b52b429
5876d235b697479a9e5f476a33115aea1ddc21fd4b4740dd7180398c6224fdba
59e7806cf95531c1bb4c0d5725a9f50d67f02f3b70e305c0455418c619c8aeac
5ff47f7f3a1cee2bbe6686f733c67b536fc563f5f6476bc14ebff5bf093042b4
657bd6a83ea1970c13b4ea4372244d596851b3c2cfaa666a3ea6fc521a12f330
676e66eeb5e721df2e68029d518067cece19d56d7e0b4a1c9a2e3c449a232bca
693439cfa75855b1a00577f9244f66d2e01ac543deeb91d0d98157b748db5960
6a98155efc9187c6d9ac10ed521bea2ed65d7e44df87b8267f6c07b64dd3b8b6
6b0f86dc2012cd1db336eeae9dd9d7ec21c938ba4a1d94fe1ad8516fe3d86450
6f2f0a6e1e609e84d50222fa1d75f3989068ee51724276be44bbe0c24a7524c8
71edfb4f27d76ad49413198092edf4329cab5595999f41e6bf2e520ff7abb9b7
762a162d2e61989a1b2ed0bf516e6bdb4d8d00abf4773bca50b033444e0437f1
76a0d76f135419f4d00213037cda0cba949a0372e01ab6a1d70072008a56bd18
76bbc3dbc06335e061219740d999dcec6f4c01ebf4867e7d33ab9f3f727ca49a
78840e7f71092f1b69fdf97d8e6fc51bed295786dfdb9245fce55c729fad2312
7ac2c1f6f27be37c39552db3fa8549ecaa8ba01cdf3738a1dd2bfaf538b2c4d4
7ceac8921699838299ca7bf8ab12322f1e4adf80d29da6f7bc9126a35a15eaa9
82bbf4a0f25757d1c9b9f18672eabf510965e4873e9d989a407823eac0d99259
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8457e29991fbaa2d3088abff6e330fb8f8aac4e1c8dd4051505af727e227773d
867bd168728faba904fe15de941932d1d7537130b0edb918970901435cf39929
8868d2a2f803ea6802d54a11564b5b96c7d8be56117a328c8f605539d6dee167
90b57e4b0d50489462d79fa75ca1b97d1b6c29868a0c47dd57be9671f483bec5
9190319e63a7c4b3a56725719c042f904386d0b942038a7cb8dd429f4fc983cb
9298a280eda6b54290d3c69fda3ae7da0cec1a0169d01d4e5944af63d68939d5
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
936ffccdc35bc55221e669d0e76034af76ba8c080c1b1149144dbbd3b5311829
9646077bb23fab97390acdb6e3e7388d7bb8cee5a477dfe470600c5c16e2ae68
9a22870bf0d1855d608ce843bbe9cb3b10fb56a0f5c26c3fee2be6ce34d57359
9d15d6be9c463e262a90401362a498e9142ee8579fe021614d89c8640c078105
9e5111182442693eb54fc6b9c3f42fcf6a29b8b6f13c9f216dbccad9e2682f7b
9f0173ed05fe8618c76272aaae6711ae0fa7ece07de8522cb6b0159d22b691f5
9f4977b5ac461125e14cd79eab7048e5586012360f5f449b4bb052b06fee031e
9f6d9285c22eab0774a4cc668d53531d390298f7f2fad41fd5b50785fcd8cea6
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a28ac2e7dab94ee23a1a16266f260041f9d0b9e2b14db110de48b03c22453924
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb
a314cd9ae5c16c6d88c6219a7c5a99b2d5204d16709e1190098fb3f9c2c081ea
a7b27732cadafe4f5c3cc89c09e961919d288eae3f0318b050d197bd8ed573ff
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
b1365d6608222bfca505deeac2ba9c2f9047852f9a59b52061b5e442011946ae
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b146eb3292f5fe271bfae9bca253f8944680e38284206440bbfec5f18f7a1824
b363a5e94f358d696bf22519c6a1b9fa328411858c2c787f9d12355471dc2e66
b568b1f531806b127ff051bc59e3675d9ca4c16c979107266cf505390c36dba5
b688a3bcd1297cc0fe08e6e52fea14ba9108ee4b9a2052c03e7bac6e19347255
b786898dde4af5d498600a810b5641065a237a1fd9be693ac939ba0e3de325fc
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bc9cef10d07e8da3ce80181de07a056414731f86e0dc12e2c81d652b28ac770b
bd01aae945e384b6277cb6eb92c68de34738c7185cc52fe2aa03301f736997c9
bf950200afb5df99129af3adbbb63d211605eacbdc102608fa3c1b51ffd494e1
c18b99dec861a9ffee7f0eeefc356942587a856155f8bc7f53f14a8411c302bd
c51bc8a70066881987f3cb651824cb0b0b3581f73040dfbb79b309599793c4e9
c751f71e19f3efcbb5e6a9a6bfe857d5179381c36baa951d03414899d1ac6e1e
c8e456c702931234478001bef4424a5063d46be7b65fc032ba05eba7186e08c0
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cc2229cecc8c0df72b0fbe15f9492b66dbd875c35af57c7d105e484b275724d2
cc490a8ef7deb4c7fba66f332ad8cdd39433675b95d2bd341300ab7b718f8e4e
cf391d83a19d230e8659cfd9e745ec60c7874c9ac6322aac59267929503ecffc
d089c8a9fc28e4e50223eb38c9409e362521be9380a37341304fbac7a4cd9e5f
d11075cd7df2682b221d194573250d4aed0a6a4e3a151acf41d1b14053495b85
d12571fb058caba3e2478b76fc95d3f65741995d085ef27e29434b6e6d67791c
d2ee007d1431469e1abdaa636844eb993634b88895e9c5266430e779f7d3b52c
d474c1bfd9f15eab91498e377767f2b7288db456abb6b29ec50c4e038833eba9
d56485dbbc5b55b37f96b65ac0d5245e77cf51c094d827348f2243948f2feeca
d5f14381258973e1a93167d8b3486ae1b2665ea072feb622e1ec0a446facc400
d6d3ac66c5667ea65779280694b4957869f5bdd7ba441deac9a0abaa26a86933
d8366292b6413e815888abbc34c7800df0b1d8101bff22e1f3ca1f34170a73b3
d90e624d461caf8939ce14369d4927928613a8659ce12ffe282a3bc70f7ebed7
dd8351b90c28cd9a5295e1b9c8321ed472813a995104156052ebf61b3d0889d0
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
e071be5dfd0660da71a9572d8726495c1ff99ac18f2f3ced3325941c2ec9a39d
e0b8436d50fb200de76d7a25cf450ea238cd100197f8e9d462e9228153da873f
e377c975d12c4ac249780470793574edc9f110b4fc380089393147cd12679419
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e57d7aa2aa173860f1ae7b0b56e8eb3bbe8e1fc20f857c6579d972cda7164e1b
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e77bdb0ba7dd329aaa6c33250e5ce3cc287f47a04de1f6006ecf43202769df0d
e8dc09e4ddc3c326ef6341498e7e8e70af3a848713429b909be53c947b43da10
e8f0b2fe84ed504ca925d6ba1194b59d16ad6ddb2ab1967f5c07fe89a84a2ae8
ead497b5062ce9a352d275512adcd099c47fdb0af12f98b7173e6ac1293c1e24
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f437cc8dacdbad099027d9fa1d69fe0faa246f7bb0f635cb8533919d741c71d1
f609b4351837908d3117d044743a096a478a5458719c816a7bc89bb2920b7b9e
f9b1606d3f1c95cf50314c0c5de331edb55754f8a54974dd0ecaf9698759a416
fbbf25608d42b8a33c17138143323c1d690b10846b4710da689956113b9d3f47
fcea66becd77485eb760a9a65e38d47319f69b724ae046f9b246842a1daa6c18
fe711fd2438f5c339b894a98bfec77e927d1cb56e2c57933b34904b5956cac5f

resources.trendmicro.com Open in urlscan Pro 199.15.212.64 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

178 Requests

99 %HTTPS

33 %IPv6

57 Domains

72 Subdomains

69 IPs

7 Countries

2143 kBTransfer

5383 kBSize

0 Cookies

11 Outgoing links

Page URL History

Redirected requests

178 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

resources.trendmicro.com Open in urlscan Pro
199.15.212.64 Public Scan

Screenshot
Live screenshot

Full Image

178
Requests

99 %
HTTPS

33 %
IPv6

57
Domains

72
Subdomains

69
IPs

7
Countries

2143 kB
Transfer

5383 kB
Size

0
Cookies

178 HTTP transactions
1 data transactions